ip_htable.c revision 1.1
1 /* $NetBSD: ip_htable.c,v 1.1 2012/03/23 20:36:56 christos Exp $ */ 2 3 /* 4 * Copyright (C) 2012 by Darren Reed. 5 * 6 * See the IPFILTER.LICENCE file for details on licencing. 7 */ 8 #if defined(KERNEL) || defined(_KERNEL) 9 # undef KERNEL 10 # undef _KERNEL 11 # define KERNEL 1 12 # define _KERNEL 1 13 #endif 14 #include <sys/param.h> 15 #include <sys/types.h> 16 #include <sys/errno.h> 17 #include <sys/time.h> 18 #include <sys/file.h> 19 #if !defined(_KERNEL) 20 # include <stdlib.h> 21 # include <string.h> 22 # define _KERNEL 23 # ifdef __OpenBSD__ 24 struct file; 25 # endif 26 # include <sys/uio.h> 27 # undef _KERNEL 28 #endif 29 #include <sys/socket.h> 30 #if defined(__FreeBSD_version) && (__FreeBSD_version >= 300000) 31 # include <sys/malloc.h> 32 #endif 33 #if defined(__FreeBSD__) 34 # include <sys/cdefs.h> 35 # include <sys/proc.h> 36 #endif 37 #if !defined(__svr4__) && !defined(__SVR4) && !defined(__hpux) && \ 38 !defined(linux) 39 # include <sys/mbuf.h> 40 #endif 41 #if defined(_KERNEL) 42 # include <sys/systm.h> 43 #else 44 # include "ipf.h" 45 #endif 46 #include <netinet/in.h> 47 #include <net/if.h> 48 49 #include "netinet/ip_compat.h" 50 #include "netinet/ip_fil.h" 51 #include "netinet/ip_lookup.h" 52 #include "netinet/ip_htable.h" 53 /* END OF INCLUDES */ 54 55 #if !defined(lint) 56 static const char rcsid[] = "@(#)Id"; 57 #endif 58 59 # ifdef USE_INET6 60 static iphtent_t *ipf_iphmfind6 __P((iphtable_t *, i6addr_t *)); 61 # endif 62 static iphtent_t *ipf_iphmfind __P((iphtable_t *, struct in_addr *)); 63 static int ipf_iphmfindip __P((ipf_main_softc_t *, void *, int, void *, u_int)); 64 static int ipf_htable_clear __P((ipf_main_softc_t *, void *, iphtable_t *)); 65 static int ipf_htable_create __P((ipf_main_softc_t *, void *, iplookupop_t *)); 66 static int ipf_htable_deref __P((ipf_main_softc_t *, void *, void *)); 67 static int ipf_htable_destroy __P((ipf_main_softc_t *, void *, int, char *)); 68 static void *ipf_htable_exists __P((void *, int, char *)); 69 static size_t ipf_htable_flush __P((ipf_main_softc_t *, void *, 70 iplookupflush_t *)); 71 static void ipf_htable_free __P((void *, iphtable_t *)); 72 static int ipf_htable_iter_deref __P((ipf_main_softc_t *, void *, int, 73 int, void *)); 74 static int ipf_htable_iter_next __P((ipf_main_softc_t *, void *, ipftoken_t *, 75 ipflookupiter_t *)); 76 static int ipf_htable_node_add __P((ipf_main_softc_t *, void *, 77 iplookupop_t *, int)); 78 static int ipf_htable_node_del __P((ipf_main_softc_t *, void *, 79 iplookupop_t *, int)); 80 static int ipf_htable_remove __P((ipf_main_softc_t *, void *, iphtable_t *)); 81 static void *ipf_htable_soft_create __P((ipf_main_softc_t *)); 82 static void ipf_htable_soft_destroy __P((ipf_main_softc_t *, void *)); 83 static int ipf_htable_soft_init __P((ipf_main_softc_t *, void *)); 84 static void ipf_htable_soft_fini __P((ipf_main_softc_t *, void *)); 85 static int ipf_htable_stats_get __P((ipf_main_softc_t *, void *, 86 iplookupop_t *)); 87 static int ipf_htable_table_add __P((ipf_main_softc_t *, void *, 88 iplookupop_t *)); 89 static int ipf_htable_table_del __P((ipf_main_softc_t *, void *, 90 iplookupop_t *)); 91 static int ipf_htent_deref __P((void *, iphtent_t *)); 92 static iphtent_t *ipf_htent_find __P((iphtable_t *, iphtent_t *)); 93 static int ipf_htent_insert __P((ipf_main_softc_t *, void *, iphtable_t *, 94 iphtent_t *)); 95 static int ipf_htent_remove __P((ipf_main_softc_t *, void *, iphtable_t *, 96 iphtent_t *)); 97 static void *ipf_htable_select_add_ref __P((void *, int, char *)); 98 static void ipf_htable_expire __P((ipf_main_softc_t *, void *)); 99 100 101 typedef struct ipf_htable_softc_s { 102 u_long ipht_nomem[LOOKUP_POOL_SZ]; 103 u_long ipf_nhtables[LOOKUP_POOL_SZ]; 104 u_long ipf_nhtnodes[LOOKUP_POOL_SZ]; 105 iphtable_t *ipf_htables[LOOKUP_POOL_SZ]; 106 iphtent_t *ipf_node_explist; 107 } ipf_htable_softc_t; 108 109 ipf_lookup_t ipf_htable_backend = { 110 IPLT_HASH, 111 ipf_htable_soft_create, 112 ipf_htable_soft_destroy, 113 ipf_htable_soft_init, 114 ipf_htable_soft_fini, 115 ipf_iphmfindip, 116 ipf_htable_flush, 117 ipf_htable_iter_deref, 118 ipf_htable_iter_next, 119 ipf_htable_node_add, 120 ipf_htable_node_del, 121 ipf_htable_stats_get, 122 ipf_htable_table_add, 123 ipf_htable_table_del, 124 ipf_htable_deref, 125 ipf_htable_exists, 126 ipf_htable_select_add_ref, 127 NULL, 128 ipf_htable_expire, 129 NULL 130 }; 131 132 133 /* ------------------------------------------------------------------------ */ 134 /* Function: ipf_htable_soft_create */ 135 /* Returns: void * - NULL = failure, else pointer to local context */ 136 /* Parameters: softc(I) - pointer to soft context main structure */ 137 /* */ 138 /* Initialise the routing table data structures where required. */ 139 /* ------------------------------------------------------------------------ */ 140 static void * 141 ipf_htable_soft_create(softc) 142 ipf_main_softc_t *softc; 143 { 144 ipf_htable_softc_t *softh; 145 146 KMALLOC(softh, ipf_htable_softc_t *); 147 if (softh == NULL) 148 return NULL; 149 150 bzero((char *)softh, sizeof(*softh)); 151 152 return softh; 153 } 154 155 156 /* ------------------------------------------------------------------------ */ 157 /* Function: ipf_htable_soft_destroy */ 158 /* Returns: Nil */ 159 /* Parameters: softc(I) - pointer to soft context main structure */ 160 /* arg(I) - pointer to local context to use */ 161 /* */ 162 /* Clean up the pool by free'ing the radix tree associated with it and free */ 163 /* up the pool context too. */ 164 /* ------------------------------------------------------------------------ */ 165 static void 166 ipf_htable_soft_destroy(softc, arg) 167 ipf_main_softc_t *softc; 168 void *arg; 169 { 170 ipf_htable_softc_t *softh = arg; 171 172 KFREE(softh); 173 } 174 175 176 /* ------------------------------------------------------------------------ */ 177 /* Function: ipf_htable_soft_init */ 178 /* Returns: int - 0 = success, else error */ 179 /* Parameters: softc(I) - pointer to soft context main structure */ 180 /* arg(I) - pointer to local context to use */ 181 /* */ 182 /* Initialise the hash table ready for use. */ 183 /* ------------------------------------------------------------------------ */ 184 static int 185 ipf_htable_soft_init(softc, arg) 186 ipf_main_softc_t *softc; 187 void *arg; 188 { 189 ipf_htable_softc_t *softh = arg; 190 191 bzero((char *)softh, sizeof(*softh)); 192 193 return 0; 194 } 195 196 197 /* ------------------------------------------------------------------------ */ 198 /* Function: ipf_htable_soft_fini */ 199 /* Returns: Nil */ 200 /* Parameters: softc(I) - pointer to soft context main structure */ 201 /* arg(I) - pointer to local context to use */ 202 /* Locks: WRITE(ipf_global) */ 203 /* */ 204 /* Clean up all the pool data structures allocated and call the cleanup */ 205 /* function for the radix tree that supports the pools. ipf_pool_destroy is */ 206 /* used to delete the pools one by one to ensure they're properly freed up. */ 207 /* ------------------------------------------------------------------------ */ 208 static void 209 ipf_htable_soft_fini(softc, arg) 210 ipf_main_softc_t *softc; 211 void *arg; 212 { 213 iplookupflush_t fop; 214 215 fop.iplf_type = IPLT_HASH; 216 fop.iplf_unit = IPL_LOGALL; 217 fop.iplf_arg = 0; 218 fop.iplf_count = 0; 219 *fop.iplf_name = '\0'; 220 ipf_htable_flush(softc, arg, &fop); 221 } 222 223 224 /* ------------------------------------------------------------------------ */ 225 /* Function: ipf_htable_stats_get */ 226 /* Returns: int - 0 = success, else error */ 227 /* Parameters: softc(I) - pointer to soft context main structure */ 228 /* arg(I) - pointer to local context to use */ 229 /* op(I) - pointer to lookup operation data */ 230 /* */ 231 /* Copy the relevant statistics out of internal structures and into the */ 232 /* structure used to export statistics. */ 233 /* ------------------------------------------------------------------------ */ 234 static int 235 ipf_htable_stats_get(softc, arg, op) 236 ipf_main_softc_t *softc; 237 void *arg; 238 iplookupop_t *op; 239 { 240 ipf_htable_softc_t *softh = arg; 241 iphtstat_t stats; 242 int err; 243 244 if (op->iplo_size != sizeof(stats)) { 245 IPFERROR(30001); 246 return EINVAL; 247 } 248 249 stats.iphs_tables = softh->ipf_htables[op->iplo_unit + 1]; 250 stats.iphs_numtables = softh->ipf_nhtables[op->iplo_unit + 1]; 251 stats.iphs_numnodes = softh->ipf_nhtnodes[op->iplo_unit + 1]; 252 stats.iphs_nomem = softh->ipht_nomem[op->iplo_unit + 1]; 253 254 err = COPYOUT(&stats, op->iplo_struct, sizeof(stats)); 255 if (err != 0) { 256 IPFERROR(30013); 257 return EFAULT; 258 } 259 return 0; 260 261 } 262 263 264 /* ------------------------------------------------------------------------ */ 265 /* Function: ipf_htable_create */ 266 /* Returns: int - 0 = success, else error */ 267 /* Parameters: softc(I) - pointer to soft context main structure */ 268 /* arg(I) - pointer to local context to use */ 269 /* op(I) - pointer to lookup operation data */ 270 /* */ 271 /* Create a new hash table using the template passed. */ 272 /* ------------------------------------------------------------------------ */ 273 static int 274 ipf_htable_create(softc, arg, op) 275 ipf_main_softc_t *softc; 276 void *arg; 277 iplookupop_t *op; 278 { 279 ipf_htable_softc_t *softh = arg; 280 iphtable_t *iph, *oiph; 281 char name[FR_GROUPLEN]; 282 int err, i, unit; 283 284 unit = op->iplo_unit; 285 if ((op->iplo_arg & IPHASH_ANON) == 0) { 286 iph = ipf_htable_exists(softh, unit, op->iplo_name); 287 if (iph != NULL) { 288 if ((iph->iph_flags & IPHASH_DELETE) == 0) { 289 IPFERROR(30004); 290 return EEXIST; 291 } 292 iph->iph_flags &= ~IPHASH_DELETE; 293 iph->iph_ref++; 294 return 0; 295 } 296 } 297 298 KMALLOC(iph, iphtable_t *); 299 if (iph == NULL) { 300 softh->ipht_nomem[op->iplo_unit + 1]++; 301 IPFERROR(30002); 302 return ENOMEM; 303 } 304 err = COPYIN(op->iplo_struct, iph, sizeof(*iph)); 305 if (err != 0) { 306 KFREE(iph); 307 IPFERROR(30003); 308 return EFAULT; 309 } 310 311 if (iph->iph_unit != unit) { 312 IPFERROR(30005); 313 return EINVAL; 314 } 315 316 if ((op->iplo_arg & IPHASH_ANON) != 0) { 317 i = IPHASH_ANON; 318 do { 319 i++; 320 #if defined(SNPRINTF) && defined(_KERNEL) 321 SNPRINTF(name, sizeof(name), "%u", i); 322 #else 323 (void)sprintf(name, "%u", i); 324 #endif 325 for (oiph = softh->ipf_htables[unit + 1]; oiph != NULL; 326 oiph = oiph->iph_next) 327 if (strncmp(oiph->iph_name, name, 328 sizeof(oiph->iph_name)) == 0) 329 break; 330 } while (oiph != NULL); 331 332 (void)strncpy(iph->iph_name, name, sizeof(iph->iph_name)); 333 (void)strncpy(op->iplo_name, name, sizeof(op->iplo_name)); 334 iph->iph_type |= IPHASH_ANON; 335 } 336 337 KMALLOCS(iph->iph_table, iphtent_t **, 338 iph->iph_size * sizeof(*iph->iph_table)); 339 if (iph->iph_table == NULL) { 340 KFREE(iph); 341 softh->ipht_nomem[unit + 1]++; 342 IPFERROR(30006); 343 return ENOMEM; 344 } 345 346 bzero((char *)iph->iph_table, iph->iph_size * sizeof(*iph->iph_table)); 347 iph->iph_maskset[0] = 0; 348 iph->iph_maskset[1] = 0; 349 iph->iph_maskset[2] = 0; 350 iph->iph_maskset[3] = 0; 351 iph->iph_list = NULL; 352 353 iph->iph_ref = 1; 354 iph->iph_next = softh->ipf_htables[unit + 1]; 355 iph->iph_pnext = &softh->ipf_htables[unit + 1]; 356 if (softh->ipf_htables[unit + 1] != NULL) 357 softh->ipf_htables[unit + 1]->iph_pnext = &iph->iph_next; 358 softh->ipf_htables[unit + 1] = iph; 359 360 softh->ipf_nhtables[unit + 1]++; 361 362 return 0; 363 } 364 365 366 /* ------------------------------------------------------------------------ */ 367 /* Function: ipf_htable_table_del */ 368 /* Returns: int - 0 = success, else error */ 369 /* Parameters: softc(I) - pointer to soft context main structure */ 370 /* arg(I) - pointer to local context to use */ 371 /* op(I) - pointer to lookup operation data */ 372 /* */ 373 /* ------------------------------------------------------------------------ */ 374 static int 375 ipf_htable_table_del(softc, arg, op) 376 ipf_main_softc_t *softc; 377 void *arg; 378 iplookupop_t *op; 379 { 380 return ipf_htable_destroy(softc, arg, op->iplo_unit, op->iplo_name); 381 } 382 383 384 /* ------------------------------------------------------------------------ */ 385 /* Function: ipf_htable_destroy */ 386 /* Returns: int - 0 = success, else error */ 387 /* Parameters: softc(I) - pointer to soft context main structure */ 388 /* arg(I) - pointer to local context to use */ 389 /* op(I) - pointer to lookup operation data */ 390 /* */ 391 /* Find the hash table that belongs to the relevant part of ipfilter with a */ 392 /* matching name and attempt to destroy it. If it is in use, empty it out */ 393 /* and mark it for deletion so that when all the references disappear, it */ 394 /* can be removed. */ 395 /* ------------------------------------------------------------------------ */ 396 static int 397 ipf_htable_destroy(softc, arg, unit, name) 398 ipf_main_softc_t *softc; 399 void *arg; 400 int unit; 401 char *name; 402 { 403 iphtable_t *iph; 404 405 iph = ipf_htable_find(arg, unit, name); 406 if (iph == NULL) { 407 IPFERROR(30007); 408 return ESRCH; 409 } 410 411 if (iph->iph_unit != unit) { 412 IPFERROR(30008); 413 return EINVAL; 414 } 415 416 if (iph->iph_ref != 0) { 417 ipf_htable_clear(softc, arg, iph); 418 iph->iph_flags |= IPHASH_DELETE; 419 return 0; 420 } 421 422 ipf_htable_remove(softc, arg, iph); 423 424 return 0; 425 } 426 427 428 /* ------------------------------------------------------------------------ */ 429 /* Function: ipf_htable_clear */ 430 /* Returns: int - 0 = success, else error */ 431 /* Parameters: softc(I) - pointer to soft context main structure */ 432 /* arg(I) - pointer to local context to use */ 433 /* iph(I) - pointer to hash table to destroy */ 434 /* */ 435 /* Clean out the hash table by walking the list of entries and removing */ 436 /* each one, one by one. */ 437 /* ------------------------------------------------------------------------ */ 438 static int 439 ipf_htable_clear(softc, arg, iph) 440 ipf_main_softc_t *softc; 441 void *arg; 442 iphtable_t *iph; 443 { 444 iphtent_t *ipe; 445 446 while ((ipe = iph->iph_list) != NULL) 447 if (ipf_htent_remove(softc, arg, iph, ipe) != 0) 448 return 1; 449 return 0; 450 } 451 452 453 /* ------------------------------------------------------------------------ */ 454 /* Function: ipf_htable_free */ 455 /* Returns: Nil */ 456 /* Parameters: arg(I) - pointer to local context to use */ 457 /* iph(I) - pointer to hash table to destroy */ 458 /* */ 459 /* ------------------------------------------------------------------------ */ 460 static void 461 ipf_htable_free(arg, iph) 462 void *arg; 463 iphtable_t *iph; 464 { 465 ipf_htable_softc_t *softh = arg; 466 467 if (iph->iph_next != NULL) 468 iph->iph_next->iph_pnext = iph->iph_pnext; 469 if (iph->iph_pnext != NULL) 470 *iph->iph_pnext = iph->iph_next; 471 iph->iph_pnext = NULL; 472 iph->iph_next = NULL; 473 474 softh->ipf_nhtables[iph->iph_unit + 1]--; 475 476 KFREES(iph->iph_table, iph->iph_size * sizeof(*iph->iph_table)); 477 KFREE(iph); 478 } 479 480 481 /* ------------------------------------------------------------------------ */ 482 /* Function: ipf_htable_remove */ 483 /* Returns: int - 0 = success, else error */ 484 /* Parameters: softc(I) - pointer to soft context main structure */ 485 /* arg(I) - pointer to local context to use */ 486 /* iph(I) - pointer to hash table to destroy */ 487 /* */ 488 /* It is necessary to unlink here as well as free (called by deref) so that */ 489 /* the while loop in ipf_htable_flush() functions properly. */ 490 /* ------------------------------------------------------------------------ */ 491 static int 492 ipf_htable_remove(softc, arg, iph) 493 ipf_main_softc_t *softc; 494 void *arg; 495 iphtable_t *iph; 496 { 497 498 if (ipf_htable_clear(softc, arg, iph) != 0) 499 return 1; 500 501 if (iph->iph_pnext != NULL) 502 *iph->iph_pnext = iph->iph_next; 503 if (iph->iph_next != NULL) 504 iph->iph_next->iph_pnext = iph->iph_pnext; 505 iph->iph_pnext = NULL; 506 iph->iph_next = NULL; 507 508 return ipf_htable_deref(softc, arg, iph); 509 } 510 511 512 /* ------------------------------------------------------------------------ */ 513 /* Function: ipf_htable_node_del */ 514 /* Returns: int - 0 = success, else error */ 515 /* Parameters: softc(I) - pointer to soft context main structure */ 516 /* arg(I) - pointer to local context to use */ 517 /* op(I) - pointer to lookup operation data */ 518 /* uid(I) - real uid of process doing operation */ 519 /* */ 520 /* ------------------------------------------------------------------------ */ 521 static int 522 ipf_htable_node_del(softc, arg, op, uid) 523 ipf_main_softc_t *softc; 524 void *arg; 525 iplookupop_t *op; 526 int uid; 527 { 528 iphtable_t *iph; 529 iphtent_t hte, *ent; 530 int err; 531 532 if (op->iplo_size != sizeof(hte)) { 533 IPFERROR(30014); 534 return EINVAL; 535 } 536 537 err = COPYIN(op->iplo_struct, &hte, sizeof(hte)); 538 if (err != 0) { 539 IPFERROR(30015); 540 return EFAULT; 541 } 542 543 iph = ipf_htable_find(arg, op->iplo_unit, op->iplo_name); 544 if (iph == NULL) { 545 IPFERROR(30016); 546 return ESRCH; 547 } 548 549 ent = ipf_htent_find(iph, &hte); 550 if (ent == NULL) { 551 IPFERROR(30022); 552 return ESRCH; 553 } 554 555 if ((uid != 0) && (ent->ipe_uid != uid)) { 556 IPFERROR(30023); 557 return EACCES; 558 } 559 560 err = ipf_htent_remove(softc, arg, iph, ent); 561 562 return err; 563 } 564 565 566 /* ------------------------------------------------------------------------ */ 567 /* Function: ipf_htable_node_del */ 568 /* Returns: int - 0 = success, else error */ 569 /* Parameters: softc(I) - pointer to soft context main structure */ 570 /* arg(I) - pointer to local context to use */ 571 /* op(I) - pointer to lookup operation data */ 572 /* */ 573 /* ------------------------------------------------------------------------ */ 574 static int 575 ipf_htable_table_add(softc, arg, op) 576 ipf_main_softc_t *softc; 577 void *arg; 578 iplookupop_t *op; 579 { 580 int err; 581 582 if (ipf_htable_find(arg, op->iplo_unit, op->iplo_name) != NULL) { 583 IPFERROR(30017); 584 err = EEXIST; 585 } else { 586 err = ipf_htable_create(softc, arg, op); 587 } 588 589 return err; 590 } 591 592 593 /* ------------------------------------------------------------------------ */ 594 /* Function: ipf_htent_remove */ 595 /* Returns: int - 0 = success, else error */ 596 /* Parameters: softc(I) - pointer to soft context main structure */ 597 /* arg(I) - pointer to local context to use */ 598 /* iph(I) - pointer to hash table */ 599 /* ipe(I) - pointer to hash table entry to remove */ 600 /* */ 601 /* Delete an entry from a hash table. */ 602 /* ------------------------------------------------------------------------ */ 603 static int 604 ipf_htent_remove(softc, arg, iph, ipe) 605 ipf_main_softc_t *softc; 606 void *arg; 607 iphtable_t *iph; 608 iphtent_t *ipe; 609 { 610 611 if (ipe->ipe_hnext != NULL) 612 ipe->ipe_hnext->ipe_phnext = ipe->ipe_phnext; 613 if (ipe->ipe_phnext != NULL) 614 *ipe->ipe_phnext = ipe->ipe_hnext; 615 ipe->ipe_phnext = NULL; 616 ipe->ipe_hnext = NULL; 617 618 if (ipe->ipe_dnext != NULL) 619 ipe->ipe_dnext->ipe_pdnext = ipe->ipe_pdnext; 620 if (ipe->ipe_pdnext != NULL) 621 *ipe->ipe_pdnext = ipe->ipe_dnext; 622 ipe->ipe_pdnext = NULL; 623 ipe->ipe_dnext = NULL; 624 625 if (ipe->ipe_next != NULL) 626 ipe->ipe_next->ipe_pnext = ipe->ipe_pnext; 627 if (ipe->ipe_pnext != NULL) 628 *ipe->ipe_pnext = ipe->ipe_next; 629 ipe->ipe_pnext = NULL; 630 ipe->ipe_next = NULL; 631 632 switch (iph->iph_type & ~IPHASH_ANON) 633 { 634 case IPHASH_GROUPMAP : 635 if (ipe->ipe_group != NULL) 636 ipf_group_del(softc, ipe->ipe_group, IPL_LOGIPF, 637 softc->ipf_active); 638 break; 639 640 default : 641 ipe->ipe_ptr = NULL; 642 ipe->ipe_value = 0; 643 break; 644 } 645 646 return ipf_htent_deref(arg, ipe); 647 } 648 649 650 /* ------------------------------------------------------------------------ */ 651 /* Function: ipf_htable_deref */ 652 /* Returns: int - 0 = success, else error */ 653 /* Parameters: softc(I) - pointer to soft context main structure */ 654 /* arg(I) - pointer to local context to use */ 655 /* object(I) - pointer to hash table */ 656 /* */ 657 /* ------------------------------------------------------------------------ */ 658 static int 659 ipf_htable_deref(softc, arg, object) 660 ipf_main_softc_t *softc; 661 void *arg, *object; 662 { 663 ipf_htable_softc_t *softh = arg; 664 iphtable_t *iph = object; 665 int refs; 666 667 iph->iph_ref--; 668 refs = iph->iph_ref; 669 670 if (iph->iph_ref == 0) { 671 ipf_htable_free(softh, iph); 672 } 673 674 return refs; 675 } 676 677 678 /* ------------------------------------------------------------------------ */ 679 /* Function: ipf_htent_deref */ 680 /* Parameters: arg(I) - pointer to local context to use */ 681 /* ipe(I) - */ 682 /* */ 683 /* ------------------------------------------------------------------------ */ 684 static int 685 ipf_htent_deref(arg, ipe) 686 void *arg; 687 iphtent_t *ipe; 688 { 689 ipf_htable_softc_t *softh = arg; 690 691 ipe->ipe_ref--; 692 if (ipe->ipe_ref == 0) { 693 softh->ipf_nhtnodes[ipe->ipe_unit + 1]--; 694 KFREE(ipe); 695 696 return 0; 697 } 698 699 return ipe->ipe_ref; 700 } 701 702 703 /* ------------------------------------------------------------------------ */ 704 /* Function: ipf_htable_exists */ 705 /* Parameters: arg(I) - pointer to local context to use */ 706 /* */ 707 /* ------------------------------------------------------------------------ */ 708 static void * 709 ipf_htable_exists(arg, unit, name) 710 void *arg; 711 int unit; 712 char *name; 713 { 714 ipf_htable_softc_t *softh = arg; 715 iphtable_t *iph; 716 717 if (unit == IPL_LOGALL) { 718 int i; 719 720 for (i = 0; i <= LOOKUP_POOL_MAX; i++) { 721 for (iph = softh->ipf_htables[i]; iph != NULL; 722 iph = iph->iph_next) { 723 if (strncmp(iph->iph_name, name, 724 sizeof(iph->iph_name)) == 0) 725 break; 726 } 727 if (iph != NULL) 728 break; 729 } 730 } else { 731 for (iph = softh->ipf_htables[unit + 1]; iph != NULL; 732 iph = iph->iph_next) { 733 if (strncmp(iph->iph_name, name, 734 sizeof(iph->iph_name)) == 0) 735 break; 736 } 737 } 738 return iph; 739 } 740 741 742 /* ------------------------------------------------------------------------ */ 743 /* Function: ipf_htable_select_add_ref */ 744 /* Returns: void * - NULL = failure, else pointer to the hash table */ 745 /* Parameters: arg(I) - pointer to local context to use */ 746 /* unit(I) - ipfilter device to which we are working on */ 747 /* name(I) - name of the hash table */ 748 /* */ 749 /* ------------------------------------------------------------------------ */ 750 static void * 751 ipf_htable_select_add_ref(arg, unit, name) 752 void *arg; 753 int unit; 754 char *name; 755 { 756 iphtable_t *iph; 757 758 iph = ipf_htable_exists(arg, unit, name); 759 if (iph != NULL) { 760 ATOMIC_INC32(iph->iph_ref); 761 } 762 return iph; 763 } 764 765 766 /* ------------------------------------------------------------------------ */ 767 /* Function: ipf_htable_find */ 768 /* Returns: void * - NULL = failure, else pointer to the hash table */ 769 /* Parameters: arg(I) - pointer to local context to use */ 770 /* unit(I) - ipfilter device to which we are working on */ 771 /* name(I) - name of the hash table */ 772 /* */ 773 /* This function is exposed becaues it is used in the group-map feature. */ 774 /* ------------------------------------------------------------------------ */ 775 iphtable_t * 776 ipf_htable_find(arg, unit, name) 777 void *arg; 778 int unit; 779 char *name; 780 { 781 iphtable_t *iph; 782 783 iph = ipf_htable_exists(arg, unit, name); 784 if ((iph != NULL) && (iph->iph_flags & IPHASH_DELETE) == 0) 785 return iph; 786 787 return NULL; 788 } 789 790 791 /* ------------------------------------------------------------------------ */ 792 /* Function: ipf_htable_flush */ 793 /* Returns: size_t - number of entries flushed */ 794 /* Parameters: softc(I) - pointer to soft context main structure */ 795 /* arg(I) - pointer to local context to use */ 796 /* op(I) - pointer to lookup operation data */ 797 /* */ 798 /* ------------------------------------------------------------------------ */ 799 static size_t 800 ipf_htable_flush(softc, arg, op) 801 ipf_main_softc_t *softc; 802 void *arg; 803 iplookupflush_t *op; 804 { 805 ipf_htable_softc_t *softh = arg; 806 iphtable_t *iph; 807 size_t freed; 808 int i; 809 810 freed = 0; 811 812 for (i = -1; i <= IPL_LOGMAX; i++) { 813 if (op->iplf_unit == i || op->iplf_unit == IPL_LOGALL) { 814 while ((iph = softh->ipf_htables[i + 1]) != NULL) { 815 if (ipf_htable_remove(softc, arg, iph) == 0) { 816 freed++; 817 } else { 818 iph->iph_flags |= IPHASH_DELETE; 819 } 820 } 821 } 822 } 823 824 return freed; 825 } 826 827 828 /* ------------------------------------------------------------------------ */ 829 /* Function: ipf_htable_node_add */ 830 /* Returns: int - 0 = success, else error */ 831 /* Parameters: softc(I) - pointer to soft context main structure */ 832 /* arg(I) - pointer to local context to use */ 833 /* op(I) - pointer to lookup operation data */ 834 /* uid(I) - real uid of process doing operation */ 835 /* */ 836 /* ------------------------------------------------------------------------ */ 837 static int 838 ipf_htable_node_add(softc, arg, op, uid) 839 ipf_main_softc_t *softc; 840 void *arg; 841 iplookupop_t *op; 842 int uid; 843 { 844 iphtable_t *iph; 845 iphtent_t hte; 846 int err; 847 848 if (op->iplo_size != sizeof(hte)) { 849 IPFERROR(30018); 850 return EINVAL; 851 } 852 853 err = COPYIN(op->iplo_struct, &hte, sizeof(hte)); 854 if (err != 0) { 855 IPFERROR(30019); 856 return EFAULT; 857 } 858 hte.ipe_uid = uid; 859 860 iph = ipf_htable_find(arg, op->iplo_unit, op->iplo_name); 861 if (iph == NULL) { 862 IPFERROR(30020); 863 return ESRCH; 864 } 865 866 if (ipf_htent_find(iph, &hte) != NULL) { 867 IPFERROR(30021); 868 return EEXIST; 869 } 870 871 err = ipf_htent_insert(softc, arg, iph, &hte); 872 873 return err; 874 } 875 876 877 /* ------------------------------------------------------------------------ */ 878 /* Function: ipf_htent_insert */ 879 /* Returns: int - 0 = success, -1 = error */ 880 /* Parameters: softc(I) - pointer to soft context main structure */ 881 /* arg(I) - pointer to local context to use */ 882 /* op(I) - pointer to lookup operation data */ 883 /* ipeo(I) - */ 884 /* */ 885 /* Add an entry to a hash table. */ 886 /* ------------------------------------------------------------------------ */ 887 static int 888 ipf_htent_insert(softc, arg, iph, ipeo) 889 ipf_main_softc_t *softc; 890 void *arg; 891 iphtable_t *iph; 892 iphtent_t *ipeo; 893 { 894 ipf_htable_softc_t *softh = arg; 895 iphtent_t *ipe; 896 u_int hv; 897 int bits; 898 899 KMALLOC(ipe, iphtent_t *); 900 if (ipe == NULL) 901 return -1; 902 903 bcopy((char *)ipeo, (char *)ipe, sizeof(*ipe)); 904 ipe->ipe_addr.i6[0] &= ipe->ipe_mask.i6[0]; 905 ipe->ipe_addr.i6[1] &= ipe->ipe_mask.i6[1]; 906 ipe->ipe_addr.i6[2] &= ipe->ipe_mask.i6[2]; 907 ipe->ipe_addr.i6[3] &= ipe->ipe_mask.i6[3]; 908 if (ipe->ipe_family == AF_INET) { 909 bits = count4bits(ipe->ipe_mask.in4_addr); 910 ipe->ipe_addr.i6[0] = ntohl(ipe->ipe_addr.i6[0]); 911 ipe->ipe_mask.i6[0] = ntohl(ipe->ipe_mask.i6[0]); 912 ipe->ipe_addr.i6[1] = 0; 913 ipe->ipe_addr.i6[2] = 0; 914 ipe->ipe_addr.i6[3] = 0; 915 ipe->ipe_mask.i6[1] = 0; 916 ipe->ipe_mask.i6[2] = 0; 917 ipe->ipe_mask.i6[3] = 0; 918 hv = IPE_V4_HASH_FN(ipe->ipe_addr.in4_addr, 919 ipe->ipe_mask.in4_addr, iph->iph_size); 920 } else 921 #ifdef USE_INET6 922 if (ipe->ipe_family == AF_INET6) { 923 bits = count6bits(ipe->ipe_mask.i6); 924 ipe->ipe_addr.i6[0] = ntohl(ipe->ipe_addr.i6[0]); 925 ipe->ipe_addr.i6[1] = ntohl(ipe->ipe_addr.i6[1]); 926 ipe->ipe_addr.i6[2] = ntohl(ipe->ipe_addr.i6[2]); 927 ipe->ipe_addr.i6[3] = ntohl(ipe->ipe_addr.i6[3]); 928 ipe->ipe_mask.i6[0] = ntohl(ipe->ipe_mask.i6[0]); 929 ipe->ipe_mask.i6[1] = ntohl(ipe->ipe_mask.i6[1]); 930 ipe->ipe_mask.i6[2] = ntohl(ipe->ipe_mask.i6[2]); 931 ipe->ipe_mask.i6[3] = ntohl(ipe->ipe_mask.i6[3]); 932 hv = IPE_V6_HASH_FN(ipe->ipe_addr.i6, 933 ipe->ipe_mask.i6, iph->iph_size); 934 } else 935 #endif 936 { 937 KFREE(ipe); 938 return -1; 939 } 940 941 ipe->ipe_owner = iph; 942 ipe->ipe_ref = 1; 943 ipe->ipe_hnext = iph->iph_table[hv]; 944 ipe->ipe_phnext = iph->iph_table + hv; 945 946 if (iph->iph_table[hv] != NULL) 947 iph->iph_table[hv]->ipe_phnext = &ipe->ipe_hnext; 948 iph->iph_table[hv] = ipe; 949 950 ipe->ipe_next = iph->iph_list; 951 ipe->ipe_pnext = &iph->iph_list; 952 if (ipe->ipe_next != NULL) 953 ipe->ipe_next->ipe_pnext = &ipe->ipe_next; 954 iph->iph_list = ipe; 955 956 if (ipe->ipe_die != 0) { 957 /* 958 * If the new node has a given expiration time, insert it 959 * into the list of expiring nodes with the ones to be 960 * removed first added to the front of the list. The 961 * insertion is O(n) but it is kept sorted for quick scans 962 * at expiration interval checks. 963 */ 964 iphtent_t *n; 965 966 ipe->ipe_die = softc->ipf_ticks + IPF_TTLVAL(ipe->ipe_die); 967 for (n = softh->ipf_node_explist; n != NULL; n = n->ipe_dnext) { 968 if (ipe->ipe_die < n->ipe_die) 969 break; 970 if (n->ipe_dnext == NULL) { 971 /* 972 * We've got to the last node and everything 973 * wanted to be expired before this new node, 974 * so we have to tack it on the end... 975 */ 976 n->ipe_dnext = ipe; 977 ipe->ipe_pdnext = &n->ipe_dnext; 978 n = NULL; 979 break; 980 } 981 } 982 983 if (softh->ipf_node_explist == NULL) { 984 softh->ipf_node_explist = ipe; 985 ipe->ipe_pdnext = &softh->ipf_node_explist; 986 } else if (n != NULL) { 987 ipe->ipe_dnext = n; 988 ipe->ipe_pdnext = n->ipe_pdnext; 989 n->ipe_pdnext = &ipe->ipe_dnext; 990 } 991 } 992 993 if (ipe->ipe_family == AF_INET) { 994 if ((bits >= 0) && (bits != 32)) 995 iph->iph_maskset[0] |= 1 << bits; 996 } 997 #ifdef USE_INET6 998 else if (ipe->ipe_family == AF_INET6) { 999 if ((bits >= 0) && (bits != 128)) { 1000 if (bits >= 96) 1001 iph->iph_maskset[3] |= 1 << (bits - 96); 1002 else if (bits >= 64) 1003 iph->iph_maskset[2] |= 1 << (bits - 64); 1004 else if (bits >= 32) 1005 iph->iph_maskset[1] |= 1 << (bits - 32); 1006 else 1007 iph->iph_maskset[0] |= 1 << bits; 1008 } 1009 } 1010 #endif 1011 1012 switch (iph->iph_type & ~IPHASH_ANON) 1013 { 1014 case IPHASH_GROUPMAP : 1015 ipe->ipe_ptr = ipf_group_add(softc, ipe->ipe_group, NULL, 1016 iph->iph_flags, IPL_LOGIPF, 1017 softc->ipf_active); 1018 break; 1019 1020 default : 1021 ipe->ipe_ptr = NULL; 1022 ipe->ipe_value = 0; 1023 break; 1024 } 1025 1026 ipe->ipe_unit = iph->iph_unit; 1027 softh->ipf_nhtnodes[ipe->ipe_unit + 1]++; 1028 1029 return 0; 1030 } 1031 1032 1033 /* ------------------------------------------------------------------------ */ 1034 /* Function: ipf_htent_find */ 1035 /* Returns: int - 0 = success, else error */ 1036 /* Parameters: iph(I) - pointer to table to search */ 1037 /* ipeo(I) - pointer to entry to find */ 1038 /* */ 1039 /* While it isn't absolutely necessary to for the address and mask to be */ 1040 /* passed in through an iphtent_t structure, one is always present when it */ 1041 /* is time to call this function, so it is just more convenient. */ 1042 /* ------------------------------------------------------------------------ */ 1043 static iphtent_t * 1044 ipf_htent_find(iph, ipeo) 1045 iphtable_t *iph; 1046 iphtent_t *ipeo; 1047 { 1048 iphtent_t ipe, *ent; 1049 u_int hv; 1050 int bits; 1051 1052 bcopy((char *)ipeo, (char *)&ipe, sizeof(ipe)); 1053 ipe.ipe_addr.i6[0] &= ipe.ipe_mask.i6[0]; 1054 ipe.ipe_addr.i6[1] &= ipe.ipe_mask.i6[1]; 1055 ipe.ipe_addr.i6[2] &= ipe.ipe_mask.i6[2]; 1056 ipe.ipe_addr.i6[3] &= ipe.ipe_mask.i6[3]; 1057 if (ipe.ipe_family == AF_INET) { 1058 bits = count4bits(ipe.ipe_mask.in4_addr); 1059 ipe.ipe_addr.i6[0] = ntohl(ipe.ipe_addr.i6[0]); 1060 ipe.ipe_mask.i6[0] = ntohl(ipe.ipe_mask.i6[0]); 1061 ipe.ipe_addr.i6[1] = 0; 1062 ipe.ipe_addr.i6[2] = 0; 1063 ipe.ipe_addr.i6[3] = 0; 1064 ipe.ipe_mask.i6[1] = 0; 1065 ipe.ipe_mask.i6[2] = 0; 1066 ipe.ipe_mask.i6[3] = 0; 1067 hv = IPE_V4_HASH_FN(ipe.ipe_addr.in4_addr, 1068 ipe.ipe_mask.in4_addr, iph->iph_size); 1069 } else 1070 #ifdef USE_INET6 1071 if (ipe.ipe_family == AF_INET6) { 1072 bits = count6bits(ipe.ipe_mask.i6); 1073 ipe.ipe_addr.i6[0] = ntohl(ipe.ipe_addr.i6[0]); 1074 ipe.ipe_addr.i6[1] = ntohl(ipe.ipe_addr.i6[1]); 1075 ipe.ipe_addr.i6[2] = ntohl(ipe.ipe_addr.i6[2]); 1076 ipe.ipe_addr.i6[3] = ntohl(ipe.ipe_addr.i6[3]); 1077 ipe.ipe_mask.i6[0] = ntohl(ipe.ipe_mask.i6[0]); 1078 ipe.ipe_mask.i6[1] = ntohl(ipe.ipe_mask.i6[1]); 1079 ipe.ipe_mask.i6[2] = ntohl(ipe.ipe_mask.i6[2]); 1080 ipe.ipe_mask.i6[3] = ntohl(ipe.ipe_mask.i6[3]); 1081 hv = IPE_V6_HASH_FN(ipe.ipe_addr.i6, 1082 ipe.ipe_mask.i6, iph->iph_size); 1083 } else 1084 #endif 1085 return NULL; 1086 1087 for (ent = iph->iph_table[hv]; ent != NULL; ent = ent->ipe_hnext) { 1088 if (ent->ipe_family != ipe.ipe_family) 1089 continue; 1090 if (IP6_NEQ(&ipe.ipe_addr, &ent->ipe_addr)) 1091 continue; 1092 if (IP6_NEQ(&ipe.ipe_mask, &ent->ipe_mask)) 1093 continue; 1094 break; 1095 } 1096 1097 return ent; 1098 } 1099 1100 1101 /* ------------------------------------------------------------------------ */ 1102 /* Function: ipf_iphmfindgroup */ 1103 /* Returns: int - 0 = success, else error */ 1104 /* Parameters: softc(I) - pointer to soft context main structure */ 1105 /* tptr(I) - */ 1106 /* aptr(I) - */ 1107 /* */ 1108 /* Search a hash table for a matching entry and return the pointer stored */ 1109 /* in it for use as the next group of rules to search. */ 1110 /* */ 1111 /* This function is exposed becaues it is used in the group-map feature. */ 1112 /* ------------------------------------------------------------------------ */ 1113 void * 1114 ipf_iphmfindgroup(softc, tptr, aptr) 1115 ipf_main_softc_t *softc; 1116 void *tptr, *aptr; 1117 { 1118 struct in_addr *addr; 1119 iphtable_t *iph; 1120 iphtent_t *ipe; 1121 void *rval; 1122 1123 READ_ENTER(&softc->ipf_poolrw); 1124 iph = tptr; 1125 addr = aptr; 1126 1127 ipe = ipf_iphmfind(iph, addr); 1128 if (ipe != NULL) 1129 rval = ipe->ipe_ptr; 1130 else 1131 rval = NULL; 1132 RWLOCK_EXIT(&softc->ipf_poolrw); 1133 return rval; 1134 } 1135 1136 1137 /* ------------------------------------------------------------------------ */ 1138 /* Function: ipf_iphmfindip */ 1139 /* Returns: int - 0 == +ve match, -1 == error, 1 == -ve/no match */ 1140 /* Parameters: softc(I) - pointer to soft context main structure */ 1141 /* tptr(I) - pointer to the pool to search */ 1142 /* ipversion(I) - IP protocol version (4 or 6) */ 1143 /* aptr(I) - pointer to address information */ 1144 /* bytes(I) - packet length */ 1145 /* */ 1146 /* Search the hash table for a given address and return a search result. */ 1147 /* ------------------------------------------------------------------------ */ 1148 static int 1149 ipf_iphmfindip(softc, tptr, ipversion, aptr, bytes) 1150 ipf_main_softc_t *softc; 1151 void *tptr, *aptr; 1152 int ipversion; 1153 u_int bytes; 1154 { 1155 struct in_addr *addr; 1156 iphtable_t *iph; 1157 iphtent_t *ipe; 1158 int rval; 1159 1160 if (tptr == NULL || aptr == NULL) 1161 return -1; 1162 1163 iph = tptr; 1164 addr = aptr; 1165 1166 READ_ENTER(&softc->ipf_poolrw); 1167 if (ipversion == 4) { 1168 ipe = ipf_iphmfind(iph, addr); 1169 #ifdef USE_INET6 1170 } else if (ipversion == 6) { 1171 ipe = ipf_iphmfind6(iph, (i6addr_t *)addr); 1172 #endif 1173 } else { 1174 ipe = NULL; 1175 } 1176 1177 if (ipe != NULL) { 1178 rval = 0; 1179 ipe->ipe_hits++; 1180 ipe->ipe_bytes += bytes; 1181 } else { 1182 rval = 1; 1183 } 1184 RWLOCK_EXIT(&softc->ipf_poolrw); 1185 return rval; 1186 } 1187 1188 1189 /* ------------------------------------------------------------------------ */ 1190 /* Function: ipf_iphmfindip */ 1191 /* Parameters: iph(I) - pointer to hash table */ 1192 /* addr(I) - pointer to IPv4 address */ 1193 /* Locks: ipf_poolrw */ 1194 /* */ 1195 /* ------------------------------------------------------------------------ */ 1196 static iphtent_t * 1197 ipf_iphmfind(iph, addr) 1198 iphtable_t *iph; 1199 struct in_addr *addr; 1200 { 1201 u_32_t hmsk, msk, ips; 1202 iphtent_t *ipe; 1203 u_int hv; 1204 1205 hmsk = iph->iph_maskset[0]; 1206 msk = 0xffffffff; 1207 maskloop: 1208 ips = ntohl(addr->s_addr) & msk; 1209 hv = IPE_V4_HASH_FN(ips, msk, iph->iph_size); 1210 for (ipe = iph->iph_table[hv]; (ipe != NULL); ipe = ipe->ipe_hnext) { 1211 if ((ipe->ipe_family != AF_INET) || 1212 (ipe->ipe_mask.in4_addr != msk) || 1213 (ipe->ipe_addr.in4_addr != ips)) { 1214 continue; 1215 } 1216 break; 1217 } 1218 1219 if ((ipe == NULL) && (hmsk != 0)) { 1220 while (hmsk != 0) { 1221 msk <<= 1; 1222 if (hmsk & 0x80000000) 1223 break; 1224 hmsk <<= 1; 1225 } 1226 if (hmsk != 0) { 1227 hmsk <<= 1; 1228 goto maskloop; 1229 } 1230 } 1231 return ipe; 1232 } 1233 1234 1235 /* ------------------------------------------------------------------------ */ 1236 /* Function: ipf_htable_iter_next */ 1237 /* Returns: int - 0 = success, else error */ 1238 /* Parameters: softc(I) - pointer to soft context main structure */ 1239 /* arg(I) - pointer to local context to use */ 1240 /* token(I) - */ 1241 /* ilp(I) - */ 1242 /* */ 1243 /* ------------------------------------------------------------------------ */ 1244 static int 1245 ipf_htable_iter_next(softc, arg, token, ilp) 1246 ipf_main_softc_t *softc; 1247 void *arg; 1248 ipftoken_t *token; 1249 ipflookupiter_t *ilp; 1250 { 1251 ipf_htable_softc_t *softh = arg; 1252 iphtent_t *node, zn, *nextnode; 1253 iphtable_t *iph, zp, *nextiph; 1254 void *hnext; 1255 int err; 1256 1257 err = 0; 1258 iph = NULL; 1259 node = NULL; 1260 nextiph = NULL; 1261 nextnode = NULL; 1262 1263 READ_ENTER(&softc->ipf_poolrw); 1264 1265 switch (ilp->ili_otype) 1266 { 1267 case IPFLOOKUPITER_LIST : 1268 iph = token->ipt_data; 1269 if (iph == NULL) { 1270 nextiph = softh->ipf_htables[(int)ilp->ili_unit + 1]; 1271 } else { 1272 nextiph = iph->iph_next; 1273 } 1274 1275 if (nextiph != NULL) { 1276 ATOMIC_INC(nextiph->iph_ref); 1277 token->ipt_data = nextiph; 1278 } else { 1279 bzero((char *)&zp, sizeof(zp)); 1280 nextiph = &zp; 1281 token->ipt_data = NULL; 1282 } 1283 hnext = nextiph->iph_next; 1284 break; 1285 1286 case IPFLOOKUPITER_NODE : 1287 node = token->ipt_data; 1288 if (node == NULL) { 1289 iph = ipf_htable_find(arg, ilp->ili_unit + 1, 1290 ilp->ili_name); 1291 if (iph == NULL) { 1292 IPFERROR(30009); 1293 err = ESRCH; 1294 } else { 1295 nextnode = iph->iph_list; 1296 } 1297 } else { 1298 nextnode = node->ipe_next; 1299 } 1300 1301 if (nextnode != NULL) { 1302 ATOMIC_INC(nextnode->ipe_ref); 1303 token->ipt_data = nextnode; 1304 } else { 1305 bzero((char *)&zn, sizeof(zn)); 1306 nextnode = &zn; 1307 token->ipt_data = NULL; 1308 } 1309 hnext = nextnode->ipe_next; 1310 break; 1311 1312 default : 1313 IPFERROR(30010); 1314 err = EINVAL; 1315 hnext = NULL; 1316 break; 1317 } 1318 1319 RWLOCK_EXIT(&softc->ipf_poolrw); 1320 if (err != 0) 1321 return err; 1322 1323 switch (ilp->ili_otype) 1324 { 1325 case IPFLOOKUPITER_LIST : 1326 err = COPYOUT(nextiph, ilp->ili_data, sizeof(*nextiph)); 1327 if (err != 0) { 1328 IPFERROR(30011); 1329 err = EFAULT; 1330 } 1331 if (iph != NULL) { 1332 WRITE_ENTER(&softc->ipf_poolrw); 1333 ipf_htable_deref(softc, softh, iph); 1334 RWLOCK_EXIT(&softc->ipf_poolrw); 1335 } 1336 break; 1337 1338 case IPFLOOKUPITER_NODE : 1339 err = COPYOUT(nextnode, ilp->ili_data, sizeof(*nextnode)); 1340 if (err != 0) { 1341 IPFERROR(30012); 1342 err = EFAULT; 1343 } 1344 if (node != NULL) { 1345 WRITE_ENTER(&softc->ipf_poolrw); 1346 ipf_htent_deref(softc, node); 1347 RWLOCK_EXIT(&softc->ipf_poolrw); 1348 } 1349 break; 1350 } 1351 1352 if (hnext != NULL) 1353 ipf_token_mark_complete(token); 1354 1355 return err; 1356 } 1357 1358 1359 /* ------------------------------------------------------------------------ */ 1360 /* Function: ipf_htable_iter_deref */ 1361 /* Returns: int - 0 = success, else error */ 1362 /* Parameters: softc(I) - pointer to soft context main structure */ 1363 /* arg(I) - pointer to local context to use */ 1364 /* otype(I) - which data structure type is being walked */ 1365 /* unit(I) - ipfilter device to which we are working on */ 1366 /* data(I) - pointer to old data structure */ 1367 /* */ 1368 /* ------------------------------------------------------------------------ */ 1369 static int 1370 ipf_htable_iter_deref(softc, arg, otype, unit, data) 1371 ipf_main_softc_t *softc; 1372 void *arg; 1373 int otype; 1374 int unit; 1375 void *data; 1376 { 1377 1378 if (data == NULL) 1379 return EFAULT; 1380 1381 if (unit < -1 || unit > IPL_LOGMAX) 1382 return EINVAL; 1383 1384 switch (otype) 1385 { 1386 case IPFLOOKUPITER_LIST : 1387 ipf_htable_deref(softc, arg, (iphtable_t *)data); 1388 break; 1389 1390 case IPFLOOKUPITER_NODE : 1391 ipf_htent_deref(arg, (iphtent_t *)data); 1392 break; 1393 default : 1394 break; 1395 } 1396 1397 return 0; 1398 } 1399 1400 1401 #ifdef USE_INET6 1402 /* ------------------------------------------------------------------------ */ 1403 /* Function: ipf_iphmfind6 */ 1404 /* Parameters: iph(I) - pointer to hash table */ 1405 /* addr(I) - pointer to IPv6 address */ 1406 /* Locks: ipf_poolrw */ 1407 /* */ 1408 /* ------------------------------------------------------------------------ */ 1409 static iphtent_t * 1410 ipf_iphmfind6(iph, addr) 1411 iphtable_t *iph; 1412 i6addr_t *addr; 1413 { 1414 i6addr_t msk, ips; 1415 iphtent_t *ipe; 1416 u_32_t hmsk; 1417 u_int hv; 1418 int i; 1419 1420 for (i = 3, hmsk = iph->iph_maskset[3]; (hmsk == 0) && (i >= 0); i--) 1421 hmsk = iph->iph_maskset[i]; 1422 1423 msk.i6[0] = 0xffffffff; 1424 msk.i6[1] = 0xffffffff; 1425 msk.i6[2] = 0xffffffff; 1426 msk.i6[3] = 0xffffffff; 1427 ips.i6[0] = ntohl(addr->i6[0]); 1428 ips.i6[1] = ntohl(addr->i6[1]); 1429 ips.i6[2] = ntohl(addr->i6[2]); 1430 ips.i6[3] = ntohl(addr->i6[3]); 1431 maskloop: 1432 if (i >= 0) 1433 ips.i6[i] = ntohl(addr->i6[i]) & msk.i6[i]; 1434 hv = IPE_V6_HASH_FN(ips.i6, msk.i6, iph->iph_size); 1435 for (ipe = iph->iph_table[hv]; (ipe != NULL); ipe = ipe->ipe_next) { 1436 if ((ipe->ipe_family != AF_INET6) || 1437 IP6_NEQ(&ipe->ipe_mask, &msk) || 1438 IP6_NEQ(&ipe->ipe_addr, &ips)) { 1439 continue; 1440 } 1441 break; 1442 } 1443 1444 if ((ipe == NULL) && (i >= 0)) { 1445 nextmask: 1446 if (hmsk != 0) { 1447 while (hmsk != 0) { 1448 msk.i6[i] <<= 1; 1449 if (hmsk & 0x80000000) 1450 break; 1451 hmsk <<= 1; 1452 } 1453 if (hmsk != 0) { 1454 hmsk <<= 1; 1455 goto maskloop; 1456 } 1457 } else if (i >= 0) { 1458 ips.i6[i] = 0; 1459 msk.i6[i] = 0; 1460 i--; 1461 hmsk = iph->iph_maskset[i]; 1462 goto nextmask; 1463 } 1464 } 1465 return ipe; 1466 } 1467 #endif 1468 1469 1470 static void 1471 ipf_htable_expire(softc, arg) 1472 ipf_main_softc_t *softc; 1473 void *arg; 1474 { 1475 ipf_htable_softc_t *softh = arg; 1476 iphtent_t *n; 1477 1478 while ((n = softh->ipf_node_explist) != NULL) { 1479 if (n->ipe_die > softc->ipf_ticks) 1480 break; 1481 1482 ipf_htent_remove(softc, softh, n->ipe_owner, n); 1483 } 1484 } 1485 1486 1487 #ifndef _KERNEL 1488 1489 /* ------------------------------------------------------------------------ */ 1490 /* */ 1491 /* ------------------------------------------------------------------------ */ 1492 void 1493 ipf_htable_dump(softc, arg) 1494 ipf_main_softc_t *softc; 1495 void *arg; 1496 { 1497 ipf_htable_softc_t *softh = arg; 1498 iphtable_t *iph; 1499 int i; 1500 1501 printf("List of configured hash tables\n"); 1502 for (i = 0; i < IPL_LOGSIZE; i++) 1503 for (iph = softh->ipf_htables[i]; iph != NULL; 1504 iph = iph->iph_next) 1505 printhash(iph, bcopywrap, NULL, opts, NULL); 1506 1507 } 1508 #endif 1509
Indexes created Sat Sep 27 14:09:57 GMT 2025