1 /* $NetBSD: pfil.c,v 1.23 2004/07/27 12:22:59 yamt Exp $ */ 2 3 /* 4 * Copyright (c) 1996 Matthew R. Green 5 * All rights reserved. 6 * 7 * Redistribution and use in source and binary forms, with or without 8 * modification, are permitted provided that the following conditions 9 * are met: 10 * 1. Redistributions of source code must retain the above copyright 11 * notice, this list of conditions and the following disclaimer. 12 * 2. Redistributions in binary form must reproduce the above copyright 13 * notice, this list of conditions and the following disclaimer in the 14 * documentation and/or other materials provided with the distribution. 15 * 3. The name of the author may not be used to endorse or promote products 16 * derived from this software without specific prior written permission. 17 * 18 * THIS SOFTWARE IS PROVIDED BY THE AUTHOR ``AS IS'' AND ANY EXPRESS OR 19 * IMPLIED WARRANTIES, INCLUDING, BUT NOT LIMITED TO, THE IMPLIED WARRANTIES 20 * OF MERCHANTABILITY AND FITNESS FOR A PARTICULAR PURPOSE ARE DISCLAIMED. 21 * IN NO EVENT SHALL THE AUTHOR BE LIABLE FOR ANY DIRECT, INDIRECT, 22 * INCIDENTAL, SPECIAL, EXEMPLARY, OR CONSEQUENTIAL DAMAGES (INCLUDING, 23 * BUT NOT LIMITED TO, PROCUREMENT OF SUBSTITUTE GOODS OR SERVICES; 24 * LOSS OF USE, DATA, OR PROFITS; OR BUSINESS INTERRUPTION) HOWEVER CAUSED 25 * AND ON ANY THEORY OF LIABILITY, WHETHER IN CONTRACT, STRICT LIABILITY, 26 * OR TORT (INCLUDING NEGLIGENCE OR OTHERWISE) ARISING IN ANY WAY 27 * OUT OF THE USE OF THIS SOFTWARE, EVEN IF ADVISED OF THE POSSIBILITY OF 28 * SUCH DAMAGE. 29 */ 30 31 #include <sys/cdefs.h> 32 __KERNEL_RCSID(0, "$NetBSD: pfil.c,v 1.23 2004/07/27 12:22:59 yamt Exp $"); 33 34 #include <sys/param.h> 35 #include <sys/errno.h> 36 #include <sys/malloc.h> 37 #include <sys/socket.h> 38 #include <sys/socketvar.h> 39 #include <sys/systm.h> 40 #include <sys/proc.h> 41 #include <sys/queue.h> 42 43 #include <net/if.h> 44 #include <net/pfil.h> 45 46 static int pfil_list_add(pfil_list_t *, 47 int (*)(void *, struct mbuf **, struct ifnet *, int), void *, int); 48 49 static int pfil_list_remove(pfil_list_t *, 50 int (*)(void *, struct mbuf **, struct ifnet *, int), void *); 51 52 LIST_HEAD(, pfil_head) pfil_head_list = 53 LIST_HEAD_INITIALIZER(&pfil_head_list); 54 55 /* 56 * pfil_run_hooks() runs the specified packet filter hooks. 57 */ 58 int 59 pfil_run_hooks(struct pfil_head *ph, struct mbuf **mp, struct ifnet *ifp, 60 int dir) 61 { 62 struct packet_filter_hook *pfh; 63 struct mbuf *m = NULL; 64 int rv = 0; 65 66 if ((dir & PFIL_ALL) && mp) 67 m = *mp; 68 for (pfh = pfil_hook_get(dir, ph); pfh != NULL; 69 pfh = TAILQ_NEXT(pfh, pfil_link)) { 70 if (pfh->pfil_func != NULL) { 71 if (pfh->pfil_flags & PFIL_ALL) { 72 rv = (*pfh->pfil_func)(pfh->pfil_arg, &m, ifp, 73 dir); 74 if (rv != 0 || m == NULL) 75 break; 76 } else { 77 rv = (*pfh->pfil_func)(pfh->pfil_arg, mp, ifp, 78 dir); 79 if (rv != 0) 80 break; 81 } 82 } 83 } 84 85 if ((dir & PFIL_ALL) && mp) 86 *mp = m; 87 return (rv); 88 } 89 90 /* 91 * pfil_head_register() registers a pfil_head with the packet filter 92 * hook mechanism. 93 */ 94 int 95 pfil_head_register(struct pfil_head *ph) 96 { 97 struct pfil_head *lph; 98 99 for (lph = LIST_FIRST(&pfil_head_list); lph != NULL; 100 lph = LIST_NEXT(lph, ph_list)) { 101 if (ph->ph_type == lph->ph_type && 102 ph->ph_un.phu_val == lph->ph_un.phu_val) 103 return EEXIST; 104 } 105 106 TAILQ_INIT(&ph->ph_in); 107 TAILQ_INIT(&ph->ph_out); 108 TAILQ_INIT(&ph->ph_ifaddr); 109 TAILQ_INIT(&ph->ph_ifnetevent); 110 111 LIST_INSERT_HEAD(&pfil_head_list, ph, ph_list); 112 113 return (0); 114 } 115 116 /* 117 * pfil_head_unregister() removes a pfil_head from the packet filter 118 * hook mechanism. 119 */ 120 int 121 pfil_head_unregister(struct pfil_head *pfh) 122 { 123 124 LIST_REMOVE(pfh, ph_list); 125 return (0); 126 } 127 128 /* 129 * pfil_head_get() returns the pfil_head for a given key/dlt. 130 */ 131 struct pfil_head * 132 pfil_head_get(int type, u_long val) 133 { 134 struct pfil_head *ph; 135 136 for (ph = LIST_FIRST(&pfil_head_list); ph != NULL; 137 ph = LIST_NEXT(ph, ph_list)) { 138 if (ph->ph_type == type && 139 ph->ph_un.phu_val == val) 140 break; 141 } 142 143 return (ph); 144 } 145 146 /* 147 * pfil_add_hook() adds a function to the packet filter hook. the 148 * flags are: 149 * PFIL_IN call me on incoming packets 150 * PFIL_OUT call me on outgoing packets 151 * PFIL_ALL call me on all of the above 152 * PFIL_IFADDR call me on interface reconfig (mbuf ** is ioctl #) 153 * PFIL_IFNET call me on interface attach/detach 154 * (mbuf ** is PFIL_IFNET_*) 155 * PFIL_WAITOK OK to call malloc with M_WAITOK. 156 */ 157 int 158 pfil_add_hook(int (*func)(void *, struct mbuf **, struct ifnet *, int), 159 void *arg, int flags, struct pfil_head *ph) 160 { 161 int err = 0; 162 163 if (flags & PFIL_IN) { 164 err = pfil_list_add(&ph->ph_in, func, arg, flags & ~PFIL_OUT); 165 if (err) 166 return err; 167 } 168 if (flags & PFIL_OUT) { 169 err = pfil_list_add(&ph->ph_out, func, arg, flags & ~PFIL_IN); 170 if (err) { 171 if (flags & PFIL_IN) 172 pfil_list_remove(&ph->ph_in, func, arg); 173 return err; 174 } 175 } 176 if (flags & PFIL_IFADDR) { 177 err = pfil_list_add(&ph->ph_ifaddr, func, arg, flags); 178 if (err) { 179 if (flags & PFIL_IN) 180 pfil_list_remove(&ph->ph_in, func, arg); 181 if (flags & PFIL_OUT) 182 pfil_list_remove(&ph->ph_out, func, arg); 183 return err; 184 } 185 } 186 if (flags & PFIL_IFNET) { 187 err = pfil_list_add(&ph->ph_ifnetevent, func, arg, flags); 188 if (err) { 189 if (flags & PFIL_IN) 190 pfil_list_remove(&ph->ph_in, func, arg); 191 if (flags & PFIL_OUT) 192 pfil_list_remove(&ph->ph_out, func, arg); 193 if (flags & PFIL_IFADDR) 194 pfil_list_remove(&ph->ph_ifaddr, func, arg); 195 return err; 196 } 197 } 198 return 0; 199 } 200 201 static int 202 pfil_list_add(pfil_list_t *list, 203 int (*func)(void *, struct mbuf **, struct ifnet *, int), void *arg, 204 int flags) 205 { 206 struct packet_filter_hook *pfh; 207 208 /* 209 * First make sure the hook is not already there. 210 */ 211 for (pfh = TAILQ_FIRST(list); pfh != NULL; 212 pfh = TAILQ_NEXT(pfh, pfil_link)) { 213 if (pfh->pfil_func == func && 214 pfh->pfil_arg == arg) 215 return EEXIST; 216 } 217 218 pfh = (struct packet_filter_hook *)malloc(sizeof(*pfh), M_IFADDR, 219 (flags & PFIL_WAITOK) ? M_WAITOK : M_NOWAIT); 220 if (pfh == NULL) 221 return ENOMEM; 222 223 pfh->pfil_func = func; 224 pfh->pfil_arg = arg; 225 pfh->pfil_flags = flags; 226 227 /* 228 * insert the input list in reverse order of the output list 229 * so that the same path is followed in or out of the kernel. 230 */ 231 if (flags & PFIL_IN) 232 TAILQ_INSERT_HEAD(list, pfh, pfil_link); 233 else 234 TAILQ_INSERT_TAIL(list, pfh, pfil_link); 235 236 return 0; 237 } 238 239 /* 240 * pfil_remove_hook removes a specific function from the packet filter 241 * hook list. 242 */ 243 int 244 pfil_remove_hook(int (*func)(void *, struct mbuf **, struct ifnet *, int), 245 void *arg, int flags, struct pfil_head *ph) 246 { 247 int err = 0; 248 249 if (flags & PFIL_IN) 250 err = pfil_list_remove(&ph->ph_in, func, arg); 251 if ((err == 0) && (flags & PFIL_OUT)) 252 err = pfil_list_remove(&ph->ph_out, func, arg); 253 if ((err == 0) && (flags & PFIL_IFADDR)) 254 err = pfil_list_remove(&ph->ph_ifaddr, func, arg); 255 if ((err == 0) && (flags & PFIL_IFNET)) 256 err = pfil_list_remove(&ph->ph_ifnetevent, func, arg); 257 return err; 258 } 259 260 /* 261 * pfil_list_remove is an internal function that takes a function off the 262 * specified list. 263 */ 264 static int 265 pfil_list_remove(pfil_list_t *list, 266 int (*func)(void *, struct mbuf **, struct ifnet *, int), void *arg) 267 { 268 struct packet_filter_hook *pfh; 269 270 for (pfh = TAILQ_FIRST(list); pfh != NULL; 271 pfh = TAILQ_NEXT(pfh, pfil_link)) { 272 if (pfh->pfil_func == func && pfh->pfil_arg == arg) { 273 TAILQ_REMOVE(list, pfh, pfil_link); 274 free(pfh, M_IFADDR); 275 return 0; 276 } 277 } 278 return ENOENT; 279 } 280