1 1.7 pgoyette /* $NetBSD: ip_htable.c,v 1.7 2016/06/09 04:43:46 pgoyette Exp $ */ 2 1.1 christos 3 1.1 christos /* 4 1.1 christos * Copyright (C) 2012 by Darren Reed. 5 1.1 christos * 6 1.1 christos * See the IPFILTER.LICENCE file for details on licencing. 7 1.1 christos */ 8 1.1 christos #if defined(KERNEL) || defined(_KERNEL) 9 1.1 christos # undef KERNEL 10 1.1 christos # undef _KERNEL 11 1.1 christos # define KERNEL 1 12 1.1 christos # define _KERNEL 1 13 1.1 christos #endif 14 1.1 christos #include <sys/param.h> 15 1.2 christos #if defined(__NetBSD__) 16 1.2 christos # if (NetBSD >= 199905) && !defined(IPFILTER_LKM) && defined(_KERNEL) 17 1.7 pgoyette # if (__NetBSD_Version__ >= 799003000) 18 1.7 pgoyette # if defined(_KERNEL_OPT) 19 1.7 pgoyette # include "opt_ipfilter.h" 20 1.7 pgoyette # endif 21 1.7 pgoyette # else 22 1.7 pgoyette # include "opt_ipfilter.h" 23 1.7 pgoyette # endif 24 1.2 christos # endif 25 1.2 christos #endif 26 1.1 christos #include <sys/types.h> 27 1.1 christos #include <sys/errno.h> 28 1.1 christos #include <sys/time.h> 29 1.1 christos #include <sys/file.h> 30 1.1 christos #if !defined(_KERNEL) 31 1.1 christos # include <stdlib.h> 32 1.1 christos # include <string.h> 33 1.1 christos # define _KERNEL 34 1.1 christos # ifdef __OpenBSD__ 35 1.1 christos struct file; 36 1.1 christos # endif 37 1.1 christos # include <sys/uio.h> 38 1.1 christos # undef _KERNEL 39 1.1 christos #endif 40 1.1 christos #include <sys/socket.h> 41 1.1 christos #if defined(__FreeBSD_version) && (__FreeBSD_version >= 300000) 42 1.1 christos # include <sys/malloc.h> 43 1.1 christos #endif 44 1.1 christos #if defined(__FreeBSD__) 45 1.1 christos # include <sys/cdefs.h> 46 1.1 christos # include <sys/proc.h> 47 1.1 christos #endif 48 1.1 christos #if !defined(__svr4__) && !defined(__SVR4) && !defined(__hpux) && \ 49 1.1 christos !defined(linux) 50 1.1 christos # include <sys/mbuf.h> 51 1.1 christos #endif 52 1.1 christos #if defined(_KERNEL) 53 1.1 christos # include 
<sys/systm.h> 54 1.1 christos #else 55 1.1 christos # include "ipf.h" 56 1.1 christos #endif 57 1.1 christos #include <netinet/in.h> 58 1.1 christos #include <net/if.h> 59 1.1 christos 60 1.1 christos #include "netinet/ip_compat.h" 61 1.1 christos #include "netinet/ip_fil.h" 62 1.1 christos #include "netinet/ip_lookup.h" 63 1.1 christos #include "netinet/ip_htable.h" 64 1.1 christos /* END OF INCLUDES */ 65 1.1 christos 66 1.1 christos #if !defined(lint) 67 1.2 christos #if defined(__NetBSD__) 68 1.2 christos #include <sys/cdefs.h> 69 1.7 pgoyette __KERNEL_RCSID(0, "$NetBSD: ip_htable.c,v 1.7 2016/06/09 04:43:46 pgoyette Exp $"); 70 1.2 christos #else 71 1.3 darrenr static const char rcsid[] = "@(#)Id: ip_htable.c,v 1.1.1.2 2012/07/22 13:45:19 darrenr Exp"; 72 1.2 christos #endif 73 1.1 christos #endif 74 1.1 christos 75 1.1 christos # ifdef USE_INET6 76 1.2 christos static iphtent_t *ipf_iphmfind6(iphtable_t *, i6addr_t *); 77 1.1 christos # endif 78 1.2 christos static iphtent_t *ipf_iphmfind(iphtable_t *, struct in_addr *); 79 1.2 christos static int ipf_iphmfindip(ipf_main_softc_t *, void *, int, void *, u_int); 80 1.2 christos static int ipf_htable_clear(ipf_main_softc_t *, void *, iphtable_t *); 81 1.2 christos static int ipf_htable_create(ipf_main_softc_t *, void *, iplookupop_t *); 82 1.2 christos static int ipf_htable_deref(ipf_main_softc_t *, void *, void *); 83 1.2 christos static int ipf_htable_destroy(ipf_main_softc_t *, void *, int, char *); 84 1.2 christos static void *ipf_htable_exists(void *, int, char *); 85 1.2 christos static size_t ipf_htable_flush(ipf_main_softc_t *, void *, 86 1.2 christos iplookupflush_t *); 87 1.2 christos static void ipf_htable_free(void *, iphtable_t *); 88 1.2 christos static int ipf_htable_iter_deref(ipf_main_softc_t *, void *, int, 89 1.2 christos int, void *); 90 1.2 christos static int ipf_htable_iter_next(ipf_main_softc_t *, void *, ipftoken_t *, 91 1.2 christos ipflookupiter_t *); 92 1.2 christos static int 
ipf_htable_node_add(ipf_main_softc_t *, void *,
    iplookupop_t *, int);
static int ipf_htable_node_del(ipf_main_softc_t *, void *,
    iplookupop_t *, int);
static int ipf_htable_remove(ipf_main_softc_t *, void *, iphtable_t *);
static void *ipf_htable_soft_create(ipf_main_softc_t *);
static void ipf_htable_soft_destroy(ipf_main_softc_t *, void *);
static int ipf_htable_soft_init(ipf_main_softc_t *, void *);
static void ipf_htable_soft_fini(ipf_main_softc_t *, void *);
static int ipf_htable_stats_get(ipf_main_softc_t *, void *,
    iplookupop_t *);
static int ipf_htable_table_add(ipf_main_softc_t *, void *,
    iplookupop_t *);
static int ipf_htable_table_del(ipf_main_softc_t *, void *,
    iplookupop_t *);
static int ipf_htent_deref(void *, iphtent_t *);
static iphtent_t *ipf_htent_find(iphtable_t *, iphtent_t *);
static int ipf_htent_insert(ipf_main_softc_t *, void *, iphtable_t *,
    iphtent_t *);
static int ipf_htent_remove(ipf_main_softc_t *, void *, iphtable_t *,
    iphtent_t *);
static void *ipf_htable_select_add_ref(void *, int, char *);
static void ipf_htable_expire(ipf_main_softc_t *, void *);


/*
 * Per-instance ("soft") state of the hash table lookup backend.  Every array
 * is indexed with unit + 1 in this file; the flush loop starts at unit -1,
 * which therefore lands on slot 0.
 */
typedef struct ipf_htable_softc_s {
	/* Allocation failures, counted in ipf_htable_create(). */
	u_long		ipht_nomem[LOOKUP_POOL_SZ];
	/* Tables per unit: ++ in ipf_htable_create(), -- in ipf_htable_free(). */
	u_long		ipf_nhtables[LOOKUP_POOL_SZ];
	/* Entries per unit: -- in ipf_htent_deref() when an entry is freed. */
	u_long		ipf_nhtnodes[LOOKUP_POOL_SZ];
	/* Head of the list of tables for each unit (linked by iph_next). */
	iphtable_t	*ipf_htables[LOOKUP_POOL_SZ];
	/* Presumably the entries tracked by ipf_htable_expire() - confirm. */
	iphtent_t	*ipf_node_explist;
} ipf_htable_softc_t;

/*
 * Table of entry points for this backend, identified by IPLT_HASH.  The
 * meaning of each slot is fixed by the ipf_lookup_t definition, which is not
 * part of this file; the two NULL slots are left unset by this backend.
 */
ipf_lookup_t ipf_htable_backend = {
	IPLT_HASH,
	ipf_htable_soft_create,
	ipf_htable_soft_destroy,
	ipf_htable_soft_init,
	ipf_htable_soft_fini,
	ipf_iphmfindip,
	ipf_htable_flush,
	ipf_htable_iter_deref,
	ipf_htable_iter_next,
	ipf_htable_node_add,
	ipf_htable_node_del,
	ipf_htable_stats_get,
	ipf_htable_table_add,
	ipf_htable_table_del,
	ipf_htable_deref,
	ipf_htable_exists,
	ipf_htable_select_add_ref,
	NULL,
	ipf_htable_expire,
	NULL
};


/* ------------------------------------------------------------------------ */
/* Function:    ipf_htable_soft_create                                      */
/* Returns:     void *   - NULL = failure, else pointer to local context    */
/* Parameters:  softc(I) - pointer to soft context main structure           */
/*                                                                          */
/* Allocate and zero the soft context for the hash-table lookup backend.
*/
/* ------------------------------------------------------------------------ */
static void *
ipf_htable_soft_create(ipf_main_softc_t *softc)
{
	ipf_htable_softc_t *ctx;

	KMALLOC(ctx, ipf_htable_softc_t *);
	if (ctx != NULL) {
		/* Start from an all-zero context: no tables, zero counters. */
		bzero((char *)ctx, sizeof(*ctx));
		return ctx;
	}

	/* Allocation failed. */
	IPFERROR(30026);
	return NULL;
}


/* ------------------------------------------------------------------------ */
/* Function:    ipf_htable_soft_destroy                                     */
/* Returns:     Nil                                                         */
/* Parameters:  softc(I) - pointer to soft context main structure           */
/*              arg(I)   - pointer to local context to use                  */
/*                                                                          */
/* Release the hash table soft context itself.  Nothing reachable from the  */
/* context is freed here, only the structure that arg points to.            */
/* ------------------------------------------------------------------------ */
static void
ipf_htable_soft_destroy(ipf_main_softc_t *softc, void *arg)
{
	/* Keep the typed pointer: it is what gets handed to KFREE(). */
	ipf_htable_softc_t *ctx = arg;

	KFREE(ctx);
}


/* ------------------------------------------------------------------------ */
/* Function:    ipf_htable_soft_init                                        */
/* Returns:     int      - 0 = success, else error                          */
/* Parameters:  softc(I) - pointer to soft context main structure           */
/*              arg(I)   - pointer to local context to use                  */
/*                                                                          */
/* Initialise the hash table ready for use.
*/
/* ------------------------------------------------------------------------ */
static int
ipf_htable_soft_init(ipf_main_softc_t *softc, void *arg)
{
	ipf_htable_softc_t *ctx = arg;

	/* Wipe the whole context; this function has no failure path. */
	bzero((char *)ctx, sizeof(ipf_htable_softc_t));

	return 0;
}


/* ------------------------------------------------------------------------ */
/* Function:    ipf_htable_soft_fini                                        */
/* Returns:     Nil                                                         */
/* Parameters:  softc(I) - pointer to soft context main structure           */
/*              arg(I)   - pointer to local context to use                  */
/* Locks:       WRITE(ipf_global)                                           */
/*                                                                          */
/* Tear down every hash table by passing a flush request for all units      */
/* (IPL_LOGALL) with an empty name to ipf_htable_flush(), which removes the */
/* tables one by one.
*/
/* ------------------------------------------------------------------------ */
static void
ipf_htable_soft_fini(ipf_main_softc_t *softc, void *arg)
{
	iplookupflush_t req;

	/* Request covering the hash table type on every unit, empty name. */
	req.iplf_name[0] = '\0';
	req.iplf_count = 0;
	req.iplf_arg = 0;
	req.iplf_unit = IPL_LOGALL;
	req.iplf_type = IPLT_HASH;

	/* The number of tables flushed is not used during teardown. */
	(void)ipf_htable_flush(softc, arg, &req);
}


/* ------------------------------------------------------------------------ */
/* Function:    ipf_htable_stats_get                                        */
/* Returns:     int      - 0 = success, else error                          */
/* Parameters:  softc(I) - pointer to soft context main structure           */
/*              arg(I)   - pointer to local context to use                  */
/*              op(I)    - pointer to lookup operation data                 */
/*                                                                          */
/* Copy the relevant statistics out of internal structures and into the     */
/* structure used to export statistics.
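*/
/* ------------------------------------------------------------------------ */
static int
ipf_htable_stats_get(ipf_main_softc_t *softc, void *arg, iplookupop_t *op)
{
	ipf_htable_softc_t *softh = arg;
	iphtstat_t stats;
	int err;

	/* The requester's buffer must be exactly one iphtstat_t. */
	if (op->iplo_size != sizeof(stats)) {
		IPFERROR(30001);
		return EINVAL;
	}

	/*
	 * stats lives on the stack and all sizeof(stats) bytes are copied
	 * out below, while only four members are assigned.  Zero it first
	 * so that any other member or padding inside iphtstat_t cannot
	 * carry stale stack contents out to the requester.
	 */
	bzero((char *)&stats, sizeof(stats));

	/*
	 * NOTE(review): op->iplo_unit + 1 is used as an array index with no
	 * range check in this function - presumably the caller has already
	 * validated the unit; confirm.
	 *
	 * iphs_tables exports the list head pointer value itself, i.e. an
	 * address from this context, not a copy of the tables.
	 */
	stats.iphs_tables = softh->ipf_htables[op->iplo_unit + 1];
	stats.iphs_numtables = softh->ipf_nhtables[op->iplo_unit + 1];
	stats.iphs_numnodes = softh->ipf_nhtnodes[op->iplo_unit + 1];
	stats.iphs_nomem = softh->ipht_nomem[op->iplo_unit + 1];

	err = COPYOUT(&stats, op->iplo_struct, sizeof(stats));
	if (err != 0) {
		IPFERROR(30013);
		return EFAULT;
	}
	return 0;

}


/* ------------------------------------------------------------------------ */
/* Function:    ipf_htable_create                                           */
/* Returns:     int      - 0 = success, else error                          */
/* Parameters:  softc(I) - pointer to soft context main structure           */
/*              arg(I)   - pointer to local context to use                  */
/*              op(I)    - pointer to lookup operation data                 */
/*                                                                          */
/* Create a new hash table using the template passed.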
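*/
/* ------------------------------------------------------------------------ */
static int
ipf_htable_create(ipf_main_softc_t *softc, void *arg, iplookupop_t *op)
{
	ipf_htable_softc_t *softh = arg;
	iphtable_t htab, *iph, *oiph;
	char name[FR_GROUPLEN];
	int err, i, unit;

	/* The template must be exactly one iphtable_t. */
	if (op->iplo_size != sizeof(htab)) {
		IPFERROR(30024);
		return EINVAL;
	}
	err = COPYIN(op->iplo_struct, &htab, sizeof(htab));
	if (err != 0) {
		IPFERROR(30003);
		return EFAULT;
	}

	/*
	 * Everything in htab was supplied by the requester.  Only iph_unit
	 * and iph_size are validated; the name, bucket array, mask set,
	 * reference count and list links are overwritten further down.
	 * NOTE(review): iph_flags and iph_type are kept as supplied, yet
	 * IPHASH_DELETE lives in iph_flags and iph_type selects the
	 * IPHASH_GROUPMAP path in ipf_htent_remove() - confirm that is
	 * intended.
	 */
	unit = op->iplo_unit;
	if (htab.iph_unit != unit) {
		IPFERROR(30005);
		return EINVAL;
	}
	if (htab.iph_size < 1) {
		IPFERROR(30025);
		return EINVAL;
	}
	/*
	 * The bucket array is allocated and zeroed with
	 * iph_size * sizeof(*iph_table) bytes.  Reject a size for which
	 * that product wraps, so the array can never be shorter than
	 * iph_size slots.  The existing "bad size" error is reused.
	 */
	if ((size_t)htab.iph_size > ((size_t)-1) / sizeof(*htab.iph_table)) {
		IPFERROR(30025);
		return EINVAL;
	}


	if ((op->iplo_arg & IPHASH_ANON) == 0) {
		iph = ipf_htable_exists(softh, unit, op->iplo_name);
		if (iph != NULL) {
			if ((iph->iph_flags & IPHASH_DELETE) == 0) {
				IPFERROR(30004);
				return EEXIST;
			}
			/*
			 * A table of that name is pending deletion: revive
			 * it and take a reference instead of allocating.
			 */
			iph->iph_flags &= ~IPHASH_DELETE;
			iph->iph_ref++;
			return 0;
		}
	}

	KMALLOC(iph, iphtable_t *);
	if (iph == NULL) {
		softh->ipht_nomem[op->iplo_unit + 1]++;
		IPFERROR(30002);
		return ENOMEM;
	}
	*iph = htab;

	if ((op->iplo_arg & IPHASH_ANON) != 0) {
		/*
		 * Anonymous table: try successive numbers above IPHASH_ANON,
		 * printed as decimal, until one is not already in use as a
		 * table name on this unit.  The chosen name is also written
		 * back into op.
		 */
		i = IPHASH_ANON;
		do {
			i++;
			snprintf(name, sizeof(name), "%u", i);
			for (oiph = softh->ipf_htables[unit + 1]; oiph != NULL;
			     oiph = oiph->iph_next)
				if (strncmp(oiph->iph_name, name,
					    sizeof(oiph->iph_name)) == 0)
					break;
		} while (oiph != NULL);

		(void)strncpy(iph->iph_name, name, sizeof(iph->iph_name));
		(void)strncpy(op->iplo_name, name, sizeof(op->iplo_name));
		iph->iph_type |= IPHASH_ANON;
	} else {
		/* strncpy() may leave the name unterminated; force the NUL. */
		(void)strncpy(iph->iph_name, op->iplo_name,
			      sizeof(iph->iph_name));
		iph->iph_name[sizeof(iph->iph_name) - 1] = '\0';
	}

	KMALLOCS(iph->iph_table, iphtent_t **,
		 iph->iph_size * sizeof(*iph->iph_table));
	if (iph->iph_table == NULL) {
		KFREE(iph);
		softh->ipht_nomem[unit + 1]++;
		IPFERROR(30006);
		return ENOMEM;
	}

	bzero((char *)iph->iph_table, iph->iph_size * sizeof(*iph->iph_table));
	iph->iph_maskset[0] = 0;
	iph->iph_maskset[1] = 0;
	iph->iph_maskset[2] = 0;
	iph->iph_maskset[3] = 0;

	/* The new table starts with one reference and an empty entry list. */
	iph->iph_ref = 1;
	iph->iph_list = NULL;
	iph->iph_tail = &iph->iph_list;
	/* Link the table in at the head of this unit's list. */
	iph->iph_next = softh->ipf_htables[unit + 1];
	iph->iph_pnext = &softh->ipf_htables[unit + 1];
	if (softh->ipf_htables[unit + 1] != NULL)
		softh->ipf_htables[unit + 1]->iph_pnext = &iph->iph_next;
	softh->ipf_htables[unit + 1] = iph;

	softh->ipf_nhtables[unit + 1]++;

	return 0;
}


/*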
------------------------------------------------------------------------ */
/* Function:    ipf_htable_table_del                                        */
/* Returns:     int      - 0 = success, else error                          */
/* Parameters:  softc(I) - pointer to soft context main structure           */
/*              arg(I)   - pointer to local context to use                  */
/*              op(I)    - pointer to lookup operation data                 */
/*                                                                          */
/* Delete the hash table identified by the unit and name held in op.        */
/* ------------------------------------------------------------------------ */
static int
ipf_htable_table_del(ipf_main_softc_t *softc, void *arg, iplookupop_t *op)
{
	int rv;

	/* All of the work, including error reporting, is in the callee. */
	rv = ipf_htable_destroy(softc, arg, op->iplo_unit, op->iplo_name);

	return rv;
}


/* ------------------------------------------------------------------------ */
/* Function:    ipf_htable_destroy                                          */
/* Returns:     int      - 0 = success, else error                          */
/* Parameters:  softc(I) - pointer to soft context main structure           */
/*              arg(I)   - pointer to local context to use                  */
/*              unit(I)  - ipfilter device to which we are working on       */
/*              name(I)  - name of the hash table                           */
/*                                                                          */
/* Find the hash table that belongs to the relevant part of ipfilter with a */
/* matching name and attempt to destroy it.  If it is in use, empty it out  */
/* and mark it for deletion so that when all the references disappear, it   */
/* can be removed.
*/
/* ------------------------------------------------------------------------ */
static int
ipf_htable_destroy(ipf_main_softc_t *softc, void *arg, int unit, char *name)
{
	iphtable_t *tab;

	/* ipf_htable_find() does not return tables already marked deleted. */
	tab = ipf_htable_find(arg, unit, name);
	if (tab == NULL) {
		IPFERROR(30007);
		return ESRCH;
	}

	if (tab->iph_unit != unit) {
		IPFERROR(30008);
		return EINVAL;
	}

	if (tab->iph_ref == 0) {
		/*
		 * NOTE(review): ipf_htable_remove() ends in
		 * ipf_htable_deref(), which decrements iph_ref before
		 * comparing it with zero.  Entered with a count of 0, that
		 * comparison cannot succeed, so on this path the table is
		 * unlinked but ipf_htable_free() is not reached from here.
		 * Confirm whether a linked table can have a zero count
		 * (ipf_htable_create() starts it at 1).
		 */
		ipf_htable_remove(softc, arg, tab);
		return 0;
	}

	/*
	 * Still referenced: drop the entries now and leave the table flagged
	 * for deletion.  The result of the clear is not checked.
	 */
	ipf_htable_clear(softc, arg, tab);
	tab->iph_flags |= IPHASH_DELETE;

	return 0;
}


/* ------------------------------------------------------------------------ */
/* Function:    ipf_htable_clear                                            */
/* Returns:     int      - 0 = success, else error                          */
/* Parameters:  softc(I) - pointer to soft context main structure           */
/*              arg(I)   - pointer to local context to use                  */
/*              iph(I)   - pointer to hash table to destroy                 */
/*                                                                          */
/* Clean out the hash table by walking the list of entries and removing     */
/* each one, one by one.
*/
/* ------------------------------------------------------------------------ */
static int
ipf_htable_clear(ipf_main_softc_t *softc, void *arg, iphtable_t *iph)
{
	iphtent_t *head;

	/*
	 * Re-read the list head on every pass: ipf_htent_remove() unlinks
	 * the entry it is given, so the head moves on each time.  A non-zero
	 * result from it stops the walk and is reported as 1.
	 */
	for (head = iph->iph_list; head != NULL; head = iph->iph_list) {
		if (ipf_htent_remove(softc, arg, iph, head) != 0)
			return 1;
	}

	return 0;
}


/* ------------------------------------------------------------------------ */
/* Function:    ipf_htable_free                                             */
/* Returns:     Nil                                                         */
/* Parameters:  arg(I)   - pointer to local context to use                  */
/*              iph(I)   - pointer to hash table to destroy                 */
/*                                                                          */
/* Unlink the table from its per-unit list, decrement that unit's table     */
/* count, then free the bucket array followed by the table itself.          */
/* ------------------------------------------------------------------------ */
static void
ipf_htable_free(void *arg, iphtable_t *iph)
{
	ipf_htable_softc_t *softh = arg;
	iphtable_t *succ = iph->iph_next;

	/* Unlinking is a no-op when both links are already NULL. */
	if (succ != NULL)
		succ->iph_pnext = iph->iph_pnext;
	if (iph->iph_pnext != NULL)
		*iph->iph_pnext = succ;
	iph->iph_next = NULL;
	iph->iph_pnext = NULL;

	softh->ipf_nhtables[iph->iph_unit + 1]--;

	/* The size passed here must match the one used at allocation. */
	KFREES(iph->iph_table, iph->iph_size * sizeof(*iph->iph_table));
	KFREE(iph);
}


/* ------------------------------------------------------------------------ */
/* Function:    ipf_htable_remove                                           */
/* Returns:     int      - 0 = success, else error                          */
/* Parameters:  softc(I) - pointer to soft context main structure           */
/*              arg(I)   - pointer to
local context to use                  */
/*              iph(I)   - pointer to hash table to destroy                 */
/*                                                                          */
/* It is necessary to unlink here as well as free (called by deref) so that */
/* the while loop in ipf_htable_flush() functions properly.                 */
/* A non-zero return is not an errno: it is 1 when the table could not be   */
/* emptied, otherwise the reference count left by ipf_htable_deref().       */
/* ------------------------------------------------------------------------ */
static int
ipf_htable_remove(ipf_main_softc_t *softc, void *arg, iphtable_t *iph)
{

	/* On failure the table stays linked and keeps its reference. */
	if (ipf_htable_clear(softc, arg, iph) != 0)
		return 1;

	if (iph->iph_pnext != NULL)
		*iph->iph_pnext = iph->iph_next;
	if (iph->iph_next != NULL)
		iph->iph_next->iph_pnext = iph->iph_pnext;
	iph->iph_pnext = NULL;
	iph->iph_next = NULL;

	return ipf_htable_deref(softc, arg, iph);
}


/* ------------------------------------------------------------------------ */
/* Function:    ipf_htable_node_del                                         */
/* Returns:     int      - 0 = success, else error                          */
/* Parameters:  softc(I) - pointer to soft context main structure           */
/*              arg(I)   - pointer to local context to use                  */
/*              op(I)    - pointer to lookup operation data                 */
/*              uid(I)   - real uid of process doing operation              */
/*                                                                          */
/* Remove one entry from the named table.  The entry to match is copied in  */
/* from op->iplo_struct.  A caller whose uid is not 0 may only remove an    */
/* entry whose ipe_uid equals its own uid; otherwise EACCES is returned.    */
/* ------------------------------------------------------------------------ */
static int
ipf_htable_node_del(ipf_main_softc_t *softc, void *arg, iplookupop_t *op,
    int uid)
{
	iphtable_t *iph;
	iphtent_t hte, *ent;
	int err;

	if (op->iplo_size != sizeof(hte)) {
		IPFERROR(30014);
		return EINVAL;
	}

	/* hte is requester-supplied; it is only used as a search key here. */
	err = COPYIN(op->iplo_struct, &hte, sizeof(hte));
	if (err != 0) {
		IPFERROR(30015);
		return EFAULT;
	}

	iph = ipf_htable_find(arg, op->iplo_unit, op->iplo_name);
	if (iph == NULL) {
		IPFERROR(30016);
		return ESRCH;
	}

	ent = ipf_htent_find(iph, &hte);
	if (ent == NULL) {
		IPFERROR(30022);
		return ESRCH;
	}

	/* Ownership check: uid 0 is exempt, anyone else must own the entry. */
	if ((uid != 0) && (ent->ipe_uid != uid)) {
		IPFERROR(30023);
		return EACCES;
	}

	/*
	 * NOTE(review): the value passed back is what ipf_htent_remove()
	 * returns, i.e. the entry's remaining reference count rather than an
	 * errno - confirm callers treat it only as zero/non-zero.
	 */
	err = ipf_htent_remove(softc, arg, iph, ent);

	return err;
}


/* ------------------------------------------------------------------------ */
/* Function:    ipf_htable_table_add                                        */
/* Returns:     int      - 0 = success, else error                          */
/* Parameters:  softc(I) - pointer to soft context main structure           */
/*              arg(I)   - pointer to local context to use                  */
/*              op(I)    - pointer to lookup operation data                 */
/*                                                                          */
/* Create the table described by op unless ipf_htable_find() already        */
/* returns one for that unit and name, in which case EEXIST is returned.    */
/* ------------------------------------------------------------------------ */
static int
ipf_htable_table_add(ipf_main_softc_t *softc, void *arg, iplookupop_t *op)
{
	int err;

	if (ipf_htable_find(arg, op->iplo_unit, op->iplo_name) != NULL) {
		IPFERROR(30017);
		err = EEXIST;
	} else {
		err = ipf_htable_create(softc, arg, op);
	}

	return err;
}


/* ------------------------------------------------------------------------ */
/* Function:    ipf_htent_remove                                            */
/* Returns:     int      - 0 = success, else error                          */
/* Parameters:  softc(I) - pointer to soft context main structure           */
/*              arg(I)   - pointer to local context to use                  */
/*              iph(I)   - pointer to hash table                            */
/*              ipe(I)   - pointer to hash table entry to remove            */
/*                                                                          */
/* Delete an entry from a hash table.                                       */
/* The value returned is that of ipf_htent_deref(): 0 once the entry has    */
/* been freed, otherwise the number of references still held on it.         */
/* ------------------------------------------------------------------------ */
static int
ipf_htent_remove(ipf_main_softc_t *softc, void *arg, iphtable_t *iph,
    iphtent_t *ipe)
{

	/* If this entry is the list tail, move the tail pointer back first. */
	if (iph->iph_tail == &ipe->ipe_next)
		iph->iph_tail = ipe->ipe_pnext;

	/* Unlink from the list threaded through ipe_hnext/ipe_phnext. */
	if (ipe->ipe_hnext != NULL)
		ipe->ipe_hnext->ipe_phnext = ipe->ipe_phnext;
	if (ipe->ipe_phnext != NULL)
		*ipe->ipe_phnext = ipe->ipe_hnext;
	ipe->ipe_phnext = NULL;
	ipe->ipe_hnext = NULL;

	/* Unlink from the list threaded through ipe_dnext/ipe_pdnext. */
	if (ipe->ipe_dnext != NULL)
		ipe->ipe_dnext->ipe_pdnext = ipe->ipe_pdnext;
	if (ipe->ipe_pdnext != NULL)
		*ipe->ipe_pdnext = ipe->ipe_dnext;
	ipe->ipe_pdnext = NULL;
	ipe->ipe_dnext = NULL;

	/* Unlink from the table's entry list (ipe_next/ipe_pnext). */
	if (ipe->ipe_next != NULL)
		ipe->ipe_next->ipe_pnext = ipe->ipe_pnext;
	if (ipe->ipe_pnext != NULL)
		*ipe->ipe_pnext = ipe->ipe_next;
	ipe->ipe_pnext = NULL;
	ipe->ipe_next = NULL;

	/*
	 * The table type, with the anonymous bit masked off, decides what
	 * happens to the entry's payload.  For a group map ipe_ptr is handed
	 * to ipf_group_del() and left set; otherwise pointer and value are
	 * cleared.
	 */
	switch (iph->iph_type & ~IPHASH_ANON)
	{
	case IPHASH_GROUPMAP :
		ipf_group_del(softc, ipe->ipe_ptr, NULL);
		break;

	default :
		ipe->ipe_ptr = NULL;
		ipe->ipe_value = 0;
		break;
	}

	return ipf_htent_deref(arg, ipe);
}


/* ------------------------------------------------------------------------ */
/* Function:    ipf_htable_deref                                            */
/* Returns:     int      - references remaining, 0 = table was freed        */
/* Parameters:  softc(I) - pointer to soft context main structure           */
/*              arg(I)   - pointer to local context to use                  */
/*              object(I) - pointer to hash table                           */
/*                                                                          */
/* Drop one reference and free the table when the count reaches zero.       */
/* ------------------------------------------------------------------------ */
static int
ipf_htable_deref(ipf_main_softc_t *softc, void *arg, void *object)
{
	ipf_htable_softc_t *softh = arg;
	iphtable_t *iph = object;
	int refs;

	/*
	 * NOTE(review): this is a plain decrement with no check for a count
	 * that is already zero, while ipf_htable_select_add_ref() increments
	 * with ATOMIC_INC32 - presumably callers serialise access; confirm.
	 */
	iph->iph_ref--;
	/* Saved before the free below so that iph is not read afterwards. */
	refs = iph->iph_ref;

	if (iph->iph_ref == 0) {
		ipf_htable_free(softh, iph);
	}

	return refs;
}


/* ------------------------------------------------------------------------ */
/* Function:    ipf_htent_deref                                             */
/* Returns:     int      - references remaining, 0 = entry was freed        */
/* Parameters:  arg(I)   - pointer to local context to use                  */
/*              ipe(I)   - pointer to hash table entry                      */
/*                                                                          */
/* Drop one reference on the entry.  When the count reaches zero the node   */
/* counter of the entry's unit is decremented and the entry is freed.       */
/* ------------------------------------------------------------------------ */
static int
ipf_htent_deref(void *arg, iphtent_t *ipe)
{
	ipf_htable_softc_t *softh = arg;

	ipe->ipe_ref--;
	if (ipe->ipe_ref == 0) {
		softh->ipf_nhtnodes[ipe->ipe_unit + 1]--;
		KFREE(ipe);

		/* ipe is gone: return the constant, do not read ipe_ref. */
		return 0;
	}

	return ipe->ipe_ref;
}


/* ------------------------------------------------------------------------ */
/* Function:    ipf_htable_exists                                           */
/* Returns:     void *   - NULL = no match, else pointer to the hash table  */
/* Parameters:  arg(I)   - pointer to local context to use                  */
/*              unit(I)  - ipfilter device to which we are working on       */
/*              name(I)  - name of the hash table                           */
/*                                                                          */
/* Look a table up by name, either on one unit or, for IPL_LOGALL, on every */
/* unit.  Tables flagged IPHASH_DELETE are returned as well; callers that   */
/* must skip them use ipf_htable_find().                                    */
/* ------------------------------------------------------------------------ */
static void *
ipf_htable_exists(void *arg, int unit, char *name)
{
	ipf_htable_softc_t *softh = arg;
	iphtable_t *iph;

	/*
	 * Names are compared over at most sizeof(iph_name) bytes.
	 * NOTE(review): unit + 1 is used as an index without a range check
	 * here - presumably validated by the caller; confirm.
	 */
	if (unit == IPL_LOGALL) {
		int i;

		for (i = 0; i <= LOOKUP_POOL_MAX; i++) {
			for (iph = softh->ipf_htables[i]; iph != NULL;
			     iph = iph->iph_next) {
				if (strncmp(iph->iph_name, name,
					    sizeof(iph->iph_name)) == 0)
					break;
			}
			/* Stop at the first unit that has a match. */
			if (iph != NULL)
				break;
		}
	} else {
		for (iph = softh->ipf_htables[unit + 1]; iph != NULL;
		     iph = iph->iph_next) {
			if (strncmp(iph->iph_name, name,
				    sizeof(iph->iph_name)) == 0)
				break;
		}
	}
	return iph;
}


/* ------------------------------------------------------------------------ */
/* Function:    ipf_htable_select_add_ref                                   */
/* Returns:
void * - NULL = failure, else pointer to the hash table */ 731 1.1 christos /* Parameters: arg(I) - pointer to local context to use */ 732 1.1 christos /* unit(I) - ipfilter device to which we are working on */ 733 1.1 christos /* name(I) - name of the hash table */ 734 1.1 christos /* */ 735 1.1 christos /* ------------------------------------------------------------------------ */ 736 1.1 christos static void * 737 1.2 christos ipf_htable_select_add_ref(void *arg, int unit, char *name) 738 1.1 christos { 739 1.1 christos iphtable_t *iph; 740 1.1 christos 741 1.1 christos iph = ipf_htable_exists(arg, unit, name); 742 1.1 christos if (iph != NULL) { 743 1.1 christos ATOMIC_INC32(iph->iph_ref); 744 1.1 christos } 745 1.1 christos return iph; 746 1.1 christos } 747 1.1 christos 748 1.1 christos 749 1.1 christos /* ------------------------------------------------------------------------ */ 750 1.1 christos /* Function: ipf_htable_find */ 751 1.1 christos /* Returns: void * - NULL = failure, else pointer to the hash table */ 752 1.1 christos /* Parameters: arg(I) - pointer to local context to use */ 753 1.1 christos /* unit(I) - ipfilter device to which we are working on */ 754 1.1 christos /* name(I) - name of the hash table */ 755 1.1 christos /* */ 756 1.1 christos /* This function is exposed becaues it is used in the group-map feature. 
*/ 757 1.1 christos /* ------------------------------------------------------------------------ */ 758 1.1 christos iphtable_t * 759 1.2 christos ipf_htable_find(void *arg, int unit, char *name) 760 1.1 christos { 761 1.1 christos iphtable_t *iph; 762 1.1 christos 763 1.1 christos iph = ipf_htable_exists(arg, unit, name); 764 1.1 christos if ((iph != NULL) && (iph->iph_flags & IPHASH_DELETE) == 0) 765 1.1 christos return iph; 766 1.1 christos 767 1.1 christos return NULL; 768 1.1 christos } 769 1.1 christos 770 1.1 christos 771 1.1 christos /* ------------------------------------------------------------------------ */ 772 1.1 christos /* Function: ipf_htable_flush */ 773 1.1 christos /* Returns: size_t - number of entries flushed */ 774 1.1 christos /* Parameters: softc(I) - pointer to soft context main structure */ 775 1.1 christos /* arg(I) - pointer to local context to use */ 776 1.1 christos /* op(I) - pointer to lookup operation data */ 777 1.1 christos /* */ 778 1.1 christos /* ------------------------------------------------------------------------ */ 779 1.1 christos static size_t 780 1.2 christos ipf_htable_flush(ipf_main_softc_t *softc, void *arg, iplookupflush_t *op) 781 1.1 christos { 782 1.1 christos ipf_htable_softc_t *softh = arg; 783 1.1 christos iphtable_t *iph; 784 1.1 christos size_t freed; 785 1.1 christos int i; 786 1.1 christos 787 1.1 christos freed = 0; 788 1.1 christos 789 1.1 christos for (i = -1; i <= IPL_LOGMAX; i++) { 790 1.1 christos if (op->iplf_unit == i || op->iplf_unit == IPL_LOGALL) { 791 1.1 christos while ((iph = softh->ipf_htables[i + 1]) != NULL) { 792 1.1 christos if (ipf_htable_remove(softc, arg, iph) == 0) { 793 1.1 christos freed++; 794 1.1 christos } else { 795 1.1 christos iph->iph_flags |= IPHASH_DELETE; 796 1.1 christos } 797 1.1 christos } 798 1.1 christos } 799 1.1 christos } 800 1.1 christos 801 1.1 christos return freed; 802 1.1 christos } 803 1.1 christos 804 1.1 christos 805 1.1 christos /* 
------------------------------------------------------------------------ */ 806 1.1 christos /* Function: ipf_htable_node_add */ 807 1.1 christos /* Returns: int - 0 = success, else error */ 808 1.1 christos /* Parameters: softc(I) - pointer to soft context main structure */ 809 1.1 christos /* arg(I) - pointer to local context to use */ 810 1.1 christos /* op(I) - pointer to lookup operation data */ 811 1.1 christos /* uid(I) - real uid of process doing operation */ 812 1.1 christos /* */ 813 1.1 christos /* ------------------------------------------------------------------------ */ 814 1.1 christos static int 815 1.2 christos ipf_htable_node_add(ipf_main_softc_t *softc, void *arg, iplookupop_t *op, 816 1.2 christos int uid) 817 1.1 christos { 818 1.1 christos iphtable_t *iph; 819 1.1 christos iphtent_t hte; 820 1.1 christos int err; 821 1.1 christos 822 1.1 christos if (op->iplo_size != sizeof(hte)) { 823 1.1 christos IPFERROR(30018); 824 1.1 christos return EINVAL; 825 1.1 christos } 826 1.1 christos 827 1.1 christos err = COPYIN(op->iplo_struct, &hte, sizeof(hte)); 828 1.1 christos if (err != 0) { 829 1.1 christos IPFERROR(30019); 830 1.1 christos return EFAULT; 831 1.1 christos } 832 1.1 christos hte.ipe_uid = uid; 833 1.1 christos 834 1.1 christos iph = ipf_htable_find(arg, op->iplo_unit, op->iplo_name); 835 1.1 christos if (iph == NULL) { 836 1.1 christos IPFERROR(30020); 837 1.1 christos return ESRCH; 838 1.1 christos } 839 1.1 christos 840 1.1 christos if (ipf_htent_find(iph, &hte) != NULL) { 841 1.1 christos IPFERROR(30021); 842 1.1 christos return EEXIST; 843 1.1 christos } 844 1.1 christos 845 1.1 christos err = ipf_htent_insert(softc, arg, iph, &hte); 846 1.1 christos 847 1.1 christos return err; 848 1.1 christos } 849 1.1 christos 850 1.1 christos 851 1.1 christos /* ------------------------------------------------------------------------ */ 852 1.1 christos /* Function: ipf_htent_insert */ 853 1.1 christos /* Returns: int - 0 = success, -1 = error */ 
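/* Parameters:  softc(I) - pointer to soft context main structure           */
/*              arg(I)   - pointer to local context to use                  */
/*              iph(I)   - pointer to hash table to add the entry to        */
/*              ipeo(I)  - pointer to template entry, copied not kept       */
/*                                                                          */
/* Add an entry to a hash table.                                            */
/* ------------------------------------------------------------------------ */
static int
ipf_htent_insert(ipf_main_softc_t *softc, void *arg, iphtable_t *iph,
    iphtent_t *ipeo)
{
	ipf_htable_softc_t *softh = arg;
	iphtent_t *ipe;
	u_int hv;
	int bits;

	KMALLOC(ipe, iphtent_t *);
	if (ipe == NULL)
		return -1;

	bcopy((char *)ipeo, (char *)ipe, sizeof(*ipe));
	/*
	 * The template is copied wholesale and ipf_htable_node_add() fills
	 * it with COPYIN, so its link fields are caller-supplied bytes.  The
	 * hash-chain and table-list links are assigned below on every path;
	 * the expiry-list links were not (a node with no expiry, or one
	 * placed first or last on the list, kept the copied values), so
	 * start them out as "not on the list".
	 */
	ipe->ipe_dnext = NULL;
	ipe->ipe_pdnext = NULL;

	ipe->ipe_addr.i6[0] &= ipe->ipe_mask.i6[0];
	if (ipe->ipe_family == AF_INET) {
		bits = count4bits(ipe->ipe_mask.in4_addr);
		/* Only the first word is meaningful for IPv4. */
		ipe->ipe_addr.i6[1] = 0;
		ipe->ipe_addr.i6[2] = 0;
		ipe->ipe_addr.i6[3] = 0;
		ipe->ipe_mask.i6[1] = 0;
		ipe->ipe_mask.i6[2] = 0;
		ipe->ipe_mask.i6[3] = 0;
		hv = IPE_V4_HASH_FN(ipe->ipe_addr.in4_addr,
				    ipe->ipe_mask.in4_addr, iph->iph_size);
	} else
#ifdef USE_INET6
	if (ipe->ipe_family == AF_INET6) {
		ipe->ipe_addr.i6[1] &= ipe->ipe_mask.i6[1];
		ipe->ipe_addr.i6[2] &= ipe->ipe_mask.i6[2];
		ipe->ipe_addr.i6[3] &= ipe->ipe_mask.i6[3];

		bits = count6bits(ipe->ipe_mask.i6);
		hv = IPE_V6_HASH_FN(ipe->ipe_addr.i6,
				    ipe->ipe_mask.i6, iph->iph_size);
	} else
#endif
	{
		/* Unsupported address family: nothing was linked yet. */
		KFREE(ipe);
		return -1;
	}

	ipe->ipe_owner = iph;
	ipe->ipe_ref = 1;
	/* Push onto the front of the hash bucket (ipe_hnext/ipe_phnext). */
	ipe->ipe_hnext = iph->iph_table[hv];
	ipe->ipe_phnext = iph->iph_table + hv;

	if (iph->iph_table[hv] != NULL)
		iph->iph_table[hv]->ipe_phnext = &ipe->ipe_hnext;
	iph->iph_table[hv] = ipe;

	/* Append to the table's list of all entries (ipe_next/ipe_pnext). */
	ipe->ipe_pnext = iph->iph_tail;
	*iph->iph_tail = ipe;
	iph->iph_tail = &ipe->ipe_next;
	ipe->ipe_next = NULL;

	if (ipe->ipe_die != 0) {
		/*
		 * If the new node has a given expiration time, insert it
		 * into the list of expiring nodes with the ones to be
		 * removed first added to the front of the list. The
		 * insertion is O(n) but it is kept sorted for quick scans
		 * at expiration interval checks.
		 */
		iphtent_t *n;

		ipe->ipe_die = softc->ipf_ticks + IPF_TTLVAL(ipe->ipe_die);
		for (n = softh->ipf_node_explist; n != NULL; n = n->ipe_dnext) {
			if (ipe->ipe_die < n->ipe_die)
				break;
			if (n->ipe_dnext == NULL) {
				/*
				 * We've got to the last node and everything
				 * wanted to be expired before this new node,
				 * so we have to tack it on the end...
				 */
				n->ipe_dnext = ipe;
				ipe->ipe_pdnext = &n->ipe_dnext;
				n = NULL;
				break;
			}
		}

		if (softh->ipf_node_explist == NULL) {
			softh->ipf_node_explist = ipe;
			ipe->ipe_pdnext = &softh->ipf_node_explist;
		} else if (n != NULL) {
			/*
			 * Insert in front of n.  The pointer that used to
			 * lead to n (the list head or the previous node's
			 * ipe_dnext) has to be redirected to the new node;
			 * without that store the node was not reachable from
			 * the list head while n's back pointer referred to
			 * it.  Every node on this list had ipe_pdnext set by
			 * one of the branches here.
			 */
			ipe->ipe_dnext = n;
			ipe->ipe_pdnext = n->ipe_pdnext;
			*ipe->ipe_pdnext = ipe;
			n->ipe_pdnext = &ipe->ipe_dnext;
		}
	}

	if (ipe->ipe_family == AF_INET) {
		ipf_inet_mask_add(bits, &iph->iph_v4_masks);
	}
#ifdef USE_INET6
	else if (ipe->ipe_family == AF_INET6) {
		ipf_inet6_mask_add(bits, &ipe->ipe_mask, &iph->iph_v6_masks);
	}
#endif

	switch (iph->iph_type & ~IPHASH_ANON)
	{
	case IPHASH_GROUPMAP :
		/*
		 * NOTE(review): the result of ipf_group_add() is stored
		 * unchecked; whether it can be NULL is not visible here.
		 */
		ipe->ipe_ptr = ipf_group_add(softc, ipe->ipe_group, NULL,
					     iph->iph_flags, IPL_LOGIPF,
					     softc->ipf_active);
		break;

	default :
		ipe->ipe_ptr = NULL;
		ipe->ipe_value = 0;
		break;
	}

	ipe->ipe_unit = iph->iph_unit;
	softh->ipf_nhtnodes[ipe->ipe_unit + 1]++;

	return 0;
}


/* ------------------------------------------------------------------------ */
/* Function:    ipf_htent_find                                              */
/* Returns:     iphtent_t * - NULL = no match, else the matching entry      */
/* Parameters:  iph(I)  - pointer to table to search                        */
/*              ipeo(I) - pointer to entry to find                          */
/*                                                                          */
/* While it isn't absolutely necessary for the address and mask to be       */
/* passed in through an iphtent_t structure, one is always present when it  */
/* is time to call this function, so it is just more convenient.            */
/* ------------------------------------------------------------------------ */
static iphtent_t *
ipf_htent_find(iphtable_t *iph, iphtent_t *ipeo)
{
	iphtent_t ipe, *ent;
	u_int hv;

	/* Work on a masked copy so the caller's entry is left untouched. */
	bcopy((char *)ipeo, (char *)&ipe, sizeof(ipe));
	ipe.ipe_addr.i6[0] &= ipe.ipe_mask.i6[0];
	ipe.ipe_addr.i6[1] &= ipe.ipe_mask.i6[1];
	ipe.ipe_addr.i6[2] &= ipe.ipe_mask.i6[2];
	ipe.ipe_addr.i6[3] &= ipe.ipe_mask.i6[3];
	if (ipe.ipe_family == AF_INET) {
		ipe.ipe_addr.i6[1] = 0;
		ipe.ipe_addr.i6[2] = 0;
		ipe.ipe_addr.i6[3] = 0;
		ipe.ipe_mask.i6[1] = 0;
		ipe.ipe_mask.i6[2] = 0;
		ipe.ipe_mask.i6[3] = 0;
		hv = IPE_V4_HASH_FN(ipe.ipe_addr.in4_addr,
				    ipe.ipe_mask.in4_addr, iph->iph_size);
	} else
#ifdef USE_INET6
	if (ipe.ipe_family == AF_INET6) {
		hv = IPE_V6_HASH_FN(ipe.ipe_addr.i6,
				    ipe.ipe_mask.i6, iph->iph_size);
	} else
#endif
		return NULL;

	/* Walk the bucket; ent is NULL if the chain runs out. */
	for (ent = iph->iph_table[hv]; ent != NULL; ent = ent->ipe_hnext) {
		if (ent->ipe_family != ipe.ipe_family)
			continue;
		if (IP6_NEQ(&ipe.ipe_addr, &ent->ipe_addr))
			continue;
		if (IP6_NEQ(&ipe.ipe_mask, &ent->ipe_mask))
			continue;
		break;
	}

	return ent;
}


/* ------------------------------------------------------------------------ */
/* Function:    ipf_iphmfindgroup                                           */
/* Returns:     void * - NULL = no match, else the entry's ipe_ptr          */
/* Parameters:  softc(I) - pointer to soft context main structure           */
/*              tptr(I)  - pointer to the hash table to search              */
/*              aptr(I)  - pointer to the IPv4 address to look up           */
/*                                                                          */
/* Search a hash table for a matching entry and return the pointer stored   */
/* in it for use as the next group of rules to search.                      */
/*                                                                          */
/* This function is exposed because it is used in the group-map feature.    */
/* ------------------------------------------------------------------------ */
void *
ipf_iphmfindgroup(ipf_main_softc_t *softc, void *tptr, void *aptr)
{
	struct in_addr *addr;
	iphtable_t *iph;
	iphtent_t *ipe;
	void *rval;

	/* Same argument check as ipf_iphmfindip(); NULL means "no group". */
	if (tptr == NULL || aptr == NULL)
		return NULL;

	READ_ENTER(&softc->ipf_poolrw);
	iph = tptr;
	addr = aptr;

	/* Only the IPv4 lookup is used here. */
	ipe = ipf_iphmfind(iph, addr);
	if (ipe != NULL)
		rval = ipe->ipe_ptr;
	else
		rval = NULL;
	RWLOCK_EXIT(&softc->ipf_poolrw);
	return rval;
}


/* ------------------------------------------------------------------------ */
/* Function:    ipf_iphmfindip                                              */
/* Returns:     int - 0 == +ve match, -1 == error, 1 == -ve/no match        */
/* Parameters:  softc(I)     - pointer to soft context main structure       */
/*              tptr(I)      - pointer to the pool to search                */
/*              ipversion(I) - IP protocol version (4 or 6)                 */
/*              aptr(I)      - pointer to address information               */
/*              bytes(I)     - packet length                                */
/*                                                                          */
/* Search the hash table for a given address and return a search result.    */
/* ------------------------------------------------------------------------ */
static int
ipf_iphmfindip(ipf_main_softc_t *softc, void *tptr, int ipversion, void *aptr,
    u_int bytes)
{
	struct in_addr *addr;
	iphtable_t *iph;
	iphtent_t *ipe;
	int rval;

	if (tptr == NULL || aptr == NULL)
		return -1;

	iph = tptr;
	addr = aptr;

	READ_ENTER(&softc->ipf_poolrw);
	if (ipversion == 4) {
		ipe = ipf_iphmfind(iph, addr);
#ifdef USE_INET6
	} else if (ipversion == 6) {
		ipe = ipf_iphmfind6(iph, (i6addr_t *)addr);
#endif
	} else {
		ipe = NULL;
	}

	if (ipe != NULL) {
		rval = 0;
		/*
		 * The statistics are updated with plain stores while only
		 * the read lock is held.  NOTE(review): concurrent lookups
		 * can presumably lose updates here - confirm this is
		 * accepted for counters.
		 */
		ipe->ipe_hits++;
		ipe->ipe_bytes += bytes;
	} else {
		rval = 1;
	}
	RWLOCK_EXIT(&softc->ipf_poolrw);
	return rval;
}


/* ------------------------------------------------------------------------ */
/* Function:    ipf_iphmfind                                                */
/* Returns:     iphtent_t * - NULL = no match, else the matching entry      */
/* Parameters:  iph(I)  - pointer to hash table                             */
/*              addr(I) - pointer to IPv4 address                           */
/* Locks:       ipf_poolrw                                                  */
/*                                                                          */
/* ------------------------------------------------------------------------ */
static iphtent_t *
ipf_iphmfind(iphtable_t *iph, struct in_addr *addr)
{
	u_32_t msk, ips;
	iphtent_t *ipe;
	u_int hv;
	int i;

	/*
	 * Try each active netmask in the order imt4_active[] holds them; the
	 * first entry that matches wins.  Slot 0 is read before imt4_max is
	 * looked at, so the array needs a usable first element even when no
	 * masks are registered.
	 */
	i = 0;
maskloop:
	msk = iph->iph_v4_masks.imt4_active[i];
	ips = addr->s_addr & msk;
	hv = IPE_V4_HASH_FN(ips, msk, iph->iph_size);
	for (ipe = iph->iph_table[hv]; (ipe != NULL); ipe = ipe->ipe_hnext) {
		if ((ipe->ipe_family != AF_INET) ||
		    (ipe->ipe_mask.in4_addr != msk) ||
		    (ipe->ipe_addr.in4_addr != ips)) {
			continue;
		}
		break;
	}

	if (ipe == NULL) {
		i++;
		if (i < iph->iph_v4_masks.imt4_max)
			goto maskloop;
	}
	return ipe;
}


/* ------------------------------------------------------------------------ */
/* Function:    ipf_htable_iter_next                                        */
/* Returns:     int - 0 = success, else error                               */
/* Parameters:  softc(I) - pointer to soft context main structure           */
/*              arg(I)   - pointer to local context to use                  */
/*              token(I) - iteration token; ipt_data holds the last item    */
/*              ilp(I)   - iteration request (type, unit, name, buffer)     */
/*                                                                          */
/* ------------------------------------------------------------------------ */
static int
ipf_htable_iter_next(ipf_main_softc_t *softc, void *arg, ipftoken_t *token,
    ipflookupiter_t *ilp)
{
	ipf_htable_softc_t *softh = arg;
	iphtent_t *node, zn, *nextnode;
	iphtable_t *iph, zp, *nextiph;
	void *hnext;
	int err;

	err = 0;
	iph = NULL;
	node = NULL;
	nextiph = NULL;
	nextnode = NULL;

	READ_ENTER(&softc->ipf_poolrw);

	switch (ilp->ili_otype)
	{
	case IPFLOOKUPITER_LIST :
		iph = token->ipt_data;
		if (iph == NULL) {
			/*
			 * NOTE(review): ili_unit indexes ipf_htables[]
			 * without a range check in this function; confirm
			 * the caller has validated it.
			 */
			nextiph = softh->ipf_htables[(int)ilp->ili_unit + 1];
		} else {
			nextiph = iph->iph_next;
		}

		if (nextiph != NULL) {
			/* Pin the item while the lock is dropped below. */
			ATOMIC_INC(nextiph->iph_ref);
			token->ipt_data = nextiph;
		} else {
			/* End of list: hand back an all-zero record. */
			bzero((char *)&zp, sizeof(zp));
			nextiph = &zp;
			token->ipt_data = NULL;
		}
		hnext = nextiph->iph_next;
		break;

	case IPFLOOKUPITER_NODE :
		node = token->ipt_data;
		if (node == NULL) {
			iph = ipf_htable_find(arg, ilp->ili_unit,
					      ilp->ili_name);
			if (iph == NULL) {
				IPFERROR(30009);
				err = ESRCH;
			} else {
				nextnode = iph->iph_list;
			}
		} else {
			nextnode = node->ipe_next;
		}

		if (nextnode != NULL) {
			ATOMIC_INC(nextnode->ipe_ref);
			token->ipt_data = nextnode;
		} else {
			bzero((char *)&zn, sizeof(zn));
			nextnode = &zn;
			token->ipt_data = NULL;
		}
		hnext = nextnode->ipe_next;
		break;

	default :
		IPFERROR(30010);
		err = EINVAL;
		hnext = NULL;
		break;
	}

	RWLOCK_EXIT(&softc->ipf_poolrw);
	if (err != 0)
		return err;

	/*
	 * The whole structure is copied out as it sits in memory, link
	 * pointers included, so the caller's buffer receives kernel
	 * addresses along with the data.
	 */
	switch (ilp->ili_otype)
	{
	case IPFLOOKUPITER_LIST :
		err = COPYOUT(nextiph, ilp->ili_data, sizeof(*nextiph));
		if (err != 0) {
			IPFERROR(30011);
			err = EFAULT;
		}
		if (iph != NULL) {
			/* Release the item returned by the previous call. */
			WRITE_ENTER(&softc->ipf_poolrw);
			ipf_htable_deref(softc, softh, iph);
			RWLOCK_EXIT(&softc->ipf_poolrw);
		}
		break;

	case IPFLOOKUPITER_NODE :
		err = COPYOUT(nextnode, ilp->ili_data, sizeof(*nextnode));
		if (err != 0) {
			IPFERROR(30012);
			err = EFAULT;
		}
		if (node != NULL) {
			WRITE_ENTER(&softc->ipf_poolrw);
			/*
			 * ipf_htent_deref() treats its first argument as the
			 * hash-table context and decrements ipf_nhtnodes[]
			 * through it, so it must be given softh.  Passing the
			 * main soft context here made that decrement land in
			 * an unrelated structure.
			 */
			ipf_htent_deref(softh, node);
			RWLOCK_EXIT(&softc->ipf_poolrw);
		}
		break;
	}

	if (hnext == NULL)
		ipf_token_mark_complete(token);

	return err;
}


/* ------------------------------------------------------------------------ */
/* Function:    ipf_htable_iter_deref                                       */
/* Returns:     int - 0 = success, else error                               */
/* Parameters:  softc(I) - pointer to soft context main structure           */
/*              arg(I)   - pointer to local context to use                  */
/*              otype(I) - which data structure type is being walked        */
/*              unit(I)  - ipfilter device to which we are working on       */
/*              data(I)  - pointer to old data structure                    */
/*                                                                          */
/* ------------------------------------------------------------------------ */
static int
ipf_htable_iter_deref(ipf_main_softc_t *softc, void *arg, int otype, int unit,
    void *data)
{

	if (data == NULL)
		return EFAULT;

	if (unit < -1 || unit > IPL_LOGMAX)
		return EINVAL;

	/*
	 * No lock is taken here although both helpers modify reference
	 * counts.  NOTE(review): presumably the caller holds ipf_poolrw for
	 * writing - confirm.  An unknown otype is ignored and reported as
	 * success.
	 */
	switch (otype)
	{
	case IPFLOOKUPITER_LIST :
		ipf_htable_deref(softc, arg, (iphtable_t *)data);
		break;

	case IPFLOOKUPITER_NODE :
		ipf_htent_deref(arg, (iphtent_t *)data);
		break;
	default :
		break;
	}

	return 0;
}


#ifdef USE_INET6
/* ------------------------------------------------------------------------ */
/* Function:    ipf_iphmfind6                                               */
/* Returns:     iphtent_t * - NULL = no match, else the matching entry      */
/* Parameters:  iph(I)  - pointer to hash table                             */
/*              addr(I) - pointer to IPv6 address                           */
/* Locks:       ipf_poolrw                                                  */
/*                                                                          */
/* ------------------------------------------------------------------------ */
static iphtent_t *
ipf_iphmfind6(iphtable_t *iph, i6addr_t *addr)
{
	i6addr_t *msk, ips;
	iphtent_t *ipe;
	u_int hv;
	int i;

	/* Same mask-by-mask search as ipf_iphmfind(), for IPv6. */
	i = 0;
maskloop:
	msk = iph->iph_v6_masks.imt6_active + i;
	ips.i6[0] = addr->i6[0] & msk->i6[0];
	ips.i6[1] = addr->i6[1] & msk->i6[1];
	ips.i6[2] = addr->i6[2] & msk->i6[2];
	ips.i6[3] = addr->i6[3] & msk->i6[3];
	hv = IPE_V6_HASH_FN(ips.i6, msk->i6, iph->iph_size);
	/*
	 * Follow the bucket chain (ipe_hnext), which is how
	 * ipf_htent_insert() links entries that hash to the same slot.  The
	 * loop used to follow ipe_next, the table's insertion-order list,
	 * which starts at the newest entry in the bucket and so never
	 * reaches the older entries sharing it: an address that was in the
	 * table could be reported as not found.
	 */
	for (ipe = iph->iph_table[hv]; (ipe != NULL); ipe = ipe->ipe_hnext) {
		if ((ipe->ipe_family != AF_INET6) ||
		    IP6_NEQ(&ipe->ipe_mask, msk) ||
		    IP6_NEQ(&ipe->ipe_addr, &ips)) {
			continue;
		}
		break;
	}

	if (ipe == NULL) {
		i++;
		if (i < iph->iph_v6_masks.imt6_max)
			goto maskloop;
	}
	return ipe;
}
#endif


/* ------------------------------------------------------------------------ */
/* Function:    ipf_htable_expire                                           */
/* Returns:     Nil                                                         */
/* Parameters:  softc(I) - pointer to soft context main structure           */
/*              arg(I)   - pointer to local context to use                  */
/*                                                                          */
/* Remove entries from the front of the expiry list until one is found      */
/* whose expiry tick is still in the future.                                */
/* ------------------------------------------------------------------------ */
static void
ipf_htable_expire(ipf_main_softc_t *softc, void *arg)
{
	ipf_htable_softc_t *softh = arg;
	iphtent_t *n;

	/*
	 * The list is kept sorted by ipe_die, so the scan stops at the first
	 * live node.  NOTE(review): the loop re-reads the head each time and
	 * so depends on ipf_htent_remove() taking n off ipf_node_explist;
	 * that function is outside this view.
	 */
	while ((n = softh->ipf_node_explist) != NULL) {
		if (n->ipe_die > softc->ipf_ticks)
			break;

		ipf_htent_remove(softc, softh, n->ipe_owner, n);
	}
}


#ifndef _KERNEL

/* ------------------------------------------------------------------------ */
/* Function:    ipf_htable_dump                                             */
/* Returns:     Nil                                                         */
/* Parameters:  softc(I) - pointer to soft context main structure           */
/*              arg(I)   - pointer to local context to use                  */
/*                                                                          */
/* Print every configured hash table (user-space build only).               */
/* ------------------------------------------------------------------------ */
void
ipf_htable_dump(ipf_main_softc_t *softc, void *arg)
{
	ipf_htable_softc_t *softh = arg;
	iphtable_t *iph;
	int i;

	printf("List of configured hash tables\n");
	/* printhash(), bcopywrap and opts are defined outside this file. */
	for (i = 0; i < IPL_LOGSIZE; i++)
		for (iph = softh->ipf_htables[i]; iph != NULL;
		     iph = iph->iph_next)
			printhash(iph, bcopywrap, NULL, opts, NULL);

}
#endif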