File:  [DragonFly] / src / sys / contrib / ipfilter / netinet / mlfk_ipl.c
Revision 1.7
Wed May 19 22:52:39 2004 UTC (10 years, 2 months ago) by dillon
Branches: MAIN
CVS tags: HEAD, DragonFly_Stable, DragonFly_Snap29Sep2004, DragonFly_Snap13Sep2004, DragonFly_RELEASE_1_6_Slip, DragonFly_RELEASE_1_6, DragonFly_RELEASE_1_4_Slip, DragonFly_RELEASE_1_4, DragonFly_RELEASE_1_2_Slip, DragonFly_RELEASE_1_2, DragonFly_1_0_REL, DragonFly_1_0_RC1, DragonFly_1_0A_REL
Device layer rollup commit.

* cdevsw_add() is now required.  cdevsw_add() and cdevsw_remove() may specify
  a mask/match indicating the range of supported minor numbers.  Multiple
  cdevsw_add()'s using the same major number, but distinctly different
  ranges, may be issued.  All devices that failed to call cdevsw_add() before
  now do.

* cdevsw_remove() now automatically marks all devices within its supported
  range as being destroyed.

* vnode->v_rdev is no longer resolved when the vnode is created.  Instead,
  only v_udev (a newly added field) is resolved.  v_rdev is resolved when
  the vnode is opened and cleared on the last close.

* A great deal of code was making rather dubious assumptions with regards
  to the validity of devices associated with vnodes, primarily due to
  the persistence of a device structure due to being indexed by (major, minor)
  instead of by (cdevsw, major, minor).  In particular, if you run a program
  which connects to a USB device and then you pull the USB device and plug
  it back in, the vnode subsystem will continue to believe that the device
  is open when, in fact, it isn't (because it was destroyed and recreated).

  In particular, note that all the VFS mount procedures now check devices
  via v_udev instead of v_rdev prior to calling VOP_OPEN(), since v_rdev
  is NULL prior to the first open.

* The disk layer's device interaction has been rewritten.  The disk layer
  (i.e. the slice and disklabel management layer) no longer overloads
  its data onto the device structure representing the underlying physical
  disk.  Instead, the disk layer uses the new cdevsw_add() functionality
  to register its own cdevsw using the underlying device's major number,
  and simply does NOT register the underlying device's cdevsw.  No
  confusion is created because the device hash is now based on
  (cdevsw,major,minor) rather than (major,minor).

  NOTE: This also means that underlying raw disk devices may use the entire
  device minor number instead of having to reserve the bits used by the disk
  layer, and also means that we can (theoretically) stack a fully
  disklabel-supported 'disk' on top of any block device.

* The new reference counting scheme prevents this by associating a device
  with a cdevsw and disconnecting the device from its cdevsw when the cdevsw
  is removed.  Additionally, all udev2dev() lookups run through the cdevsw
  mask/match and only successfully find devices still associated with an
  active cdevsw.

* Major work on MFS:  MFS no longer shortcuts vnode and device creation.  It
  now creates a real vnode and a real device and implements real open and
  close VOPs.  Additionally, due to the disk layer changes, MFS is no longer
  limited to 255 mounts.  The new limit is 16 million.  Since MFS creates a
  real device node, mount_mfs will now create a real /dev/mfs<PID> device
  that can be read from userland (e.g. so you can dump an MFS filesystem).

* BUF AND DEVICE STRATEGY changes.  The struct buf contains a b_dev field.
  In order to properly handle stacked devices we now require that the b_dev
  field be initialized before the device strategy routine is called.  This
  required some additional work in various VFS implementations.  To enforce
  this requirement, biodone() now sets b_dev to NODEV.  The new disk layer
  will adjust b_dev before forwarding a request to the actual physical
  device.

* A bug in the ISO CD boot sequence which resulted in a panic has been fixed.

Testing by: lots of people, but David Rhodus found the most egregious bugs.

    1: /*
    2:  * Copyright 1999 Guido van Rooij.  All rights reserved.
    3:  * 
    4:  *
    5:  * Redistribution and use in source and binary forms, with or without
    6:  * modification, are permitted provided that the following conditions are
    7:  * met:
    8:  *  1. Redistributions of source code must retain the above copyright
    9:  *     notice, this list of conditions and the following disclaimer.
   10:  *  2. Redistributions in binary form must reproduce the above copyright notice,
   11:  *     this list of conditions and the following disclaimer in the documentation
   12:  *     and/or other materials provided with the distribution.
   13:  *
   14:  * THIS SOFTWARE IS PROVIDED BY THE COPYRIGHT HOLDER ``AS IS'' AND ANY EXPRESS
   15:  * OR IMPLIED WARRANTIES, INCLUDING, BUT NOT LIMITED TO, THE IMPLIED
   16:  * WARRANTIES OF MERCHANTABILITY AND FITNESS FOR A PARTICULAR PURPOSE ARE
   17:  * DISCLAIMED.  IN NO EVENT SHALL THE HOLDER OR CONTRIBUTORS BE LIABLE FOR
   18:  * ANY DIRECT, INDIRECT, INCIDENTAL, SPECIAL, EXEMPLARY, OR CONSEQUENTIAL
   19:  * DAMAGES (INCLUDING, BUT NOT LIMITED TO, PROCUREMENT OF SUBSTITUTE GOODS OR
   20:  * SERVICES; LOSS OF USE, DATA, OR PROFITS; OR BUSINESS INTERRUPTION) HOWEVER
   21:  * CAUSED AND ON ANY THEORY OF LIABILITY, WHETHER IN CONTRACT, STRICT
   22:  * LIABILITY, OR TORT (INCLUDING NEGLIGENCE OR OTHERWISE) ARISING IN ANY WAY
   23:  * OUT OF THE USE OF THIS SOFTWARE, EVEN IF ADVISED OF THE POSSIBILITY OF
   24:  * SUCH DAMAGE.
   25:  *
   26:  * $FreeBSD: src/sys/contrib/ipfilter/netinet/mlfk_ipl.c,v 1.9.2.2 2002/04/27 17:37:12 darrenr Exp $
   27:  * $DragonFly: src/sys/contrib/ipfilter/netinet/mlfk_ipl.c,v 1.7 2004/05/19 22:52:39 dillon Exp $
   28:  */
   29: 
   30: 
   31: #include <sys/param.h>
   32: #include <sys/systm.h>
   33: #include <sys/kernel.h>
   34: #include <sys/module.h>
   35: #include <sys/conf.h>
   36: #include <sys/socket.h>
   37: #include <sys/sysctl.h>
   38: #include <net/if.h>
   39: #include <netinet/in_systm.h>
   40: #include <netinet/in.h>
   41: #include <netinet/ip.h>
   42: #if defined(__DragonFly__) || (__FreeBSD_version >= 199511)
   43: # include <net/route.h>
   44: # include <netinet/ip_var.h>
   45: # include <netinet/tcp.h>
   46: # include <netinet/tcpip.h>
   47: #endif
   48: 
   49: 
   50: #include "ipl.h"
   51: #include "ip_compat.h"
   52: #include "ip_fil.h"
   53: #include "ip_state.h"
   54: #include "ip_nat.h"
   55: #include "ip_auth.h"
   56: #include "ip_frag.h"
   57: #include "ip_proxy.h"
   58: 
/*
 * sysctl view of the ipfilter globals, published under net.inet.ipf.
 *
 * Every entry is a plain SYSCTL_INT bound directly to a global int, so a
 * CTLFLAG_RW entry lets a sysctl writer store any int value into that
 * global; there is no handler here that range-checks or sanity-checks the
 * new value.  None of the entries sets CTLFLAG_ANYBODY, so writes are
 * subject to the kernel's normal sysctl privilege check.
 *
 * Security note: the writable entries change packet-filter behaviour at
 * runtime without going through the ipl device nodes.  Changes to this
 * tree should be audited like changes to the rule set.
 *
 * The declaration order is kept as-is because every entry uses OID_AUTO.
 */
SYSCTL_DECL(_net_inet);
SYSCTL_NODE(_net_inet, OID_AUTO, ipf, CTLFLAG_RW, 0, "IPF");

/* Global filter flags and default verdict; presumably policy-wide -- confirm in ip_fil.h. */
SYSCTL_INT(_net_inet_ipf, OID_AUTO, fr_flags,
    CTLFLAG_RW, &fr_flags, 0, "");
SYSCTL_INT(_net_inet_ipf, OID_AUTO, fr_pass,
    CTLFLAG_RW, &fr_pass, 0, "");

/* Read-only: exported for inspection, not settable through sysctl. */
SYSCTL_INT(_net_inet_ipf, OID_AUTO, fr_active,
    CTLFLAG_RD, &fr_active, 0, "");

/* Writable timeouts; the names suggest TCP/UDP/ICMP state ageing -- TODO confirm units. */
SYSCTL_INT(_net_inet_ipf, OID_AUTO, fr_tcpidletimeout,
    CTLFLAG_RW, &fr_tcpidletimeout, 0, "");
SYSCTL_INT(_net_inet_ipf, OID_AUTO, fr_tcpclosewait,
    CTLFLAG_RW, &fr_tcpclosewait, 0, "");
SYSCTL_INT(_net_inet_ipf, OID_AUTO, fr_tcplastack,
    CTLFLAG_RW, &fr_tcplastack, 0, "");
SYSCTL_INT(_net_inet_ipf, OID_AUTO, fr_tcptimeout,
    CTLFLAG_RW, &fr_tcptimeout, 0, "");
SYSCTL_INT(_net_inet_ipf, OID_AUTO, fr_tcpclosed,
    CTLFLAG_RW, &fr_tcpclosed, 0, "");
SYSCTL_INT(_net_inet_ipf, OID_AUTO, fr_tcphalfclosed,
    CTLFLAG_RW, &fr_tcphalfclosed, 0, "");
SYSCTL_INT(_net_inet_ipf, OID_AUTO, fr_udptimeout,
    CTLFLAG_RW, &fr_udptimeout, 0, "");
SYSCTL_INT(_net_inet_ipf, OID_AUTO, fr_udpacktimeout,
    CTLFLAG_RW, &fr_udpacktimeout, 0, "");
SYSCTL_INT(_net_inet_ipf, OID_AUTO, fr_icmptimeout,
    CTLFLAG_RW, &fr_icmptimeout, 0, "");
SYSCTL_INT(_net_inet_ipf, OID_AUTO, fr_icmpacktimeout,
    CTLFLAG_RW, &fr_icmpacktimeout, 0, "");

/* Writable NAT / fragment / unreachable settings. */
SYSCTL_INT(_net_inet_ipf, OID_AUTO, fr_defnatage,
    CTLFLAG_RW, &fr_defnatage, 0, "");
SYSCTL_INT(_net_inet_ipf, OID_AUTO, fr_ipfrttl,
    CTLFLAG_RW, &fr_ipfrttl, 0, "");
SYSCTL_INT(_net_inet_ipf, OID_AUTO, ipl_unreach,
    CTLFLAG_RW, &ipl_unreach, 0, "");

/* Read-only status values. */
SYSCTL_INT(_net_inet_ipf, OID_AUTO, fr_running,
    CTLFLAG_RD, &fr_running, 0, "");
SYSCTL_INT(_net_inet_ipf, OID_AUTO, fr_authsize,
    CTLFLAG_RD, &fr_authsize, 0, "");
SYSCTL_INT(_net_inet_ipf, OID_AUTO, fr_authused,
    CTLFLAG_RD, &fr_authused, 0, "");

/* Remaining writable knobs (auth ageing, source check, FTP proxy, min TTL). */
SYSCTL_INT(_net_inet_ipf, OID_AUTO, fr_defaultauthage,
    CTLFLAG_RW, &fr_defaultauthage, 0, "");
SYSCTL_INT(_net_inet_ipf, OID_AUTO, fr_chksrc,
    CTLFLAG_RW, &fr_chksrc, 0, "");
SYSCTL_INT(_net_inet_ipf, OID_AUTO, ippr_ftp_pasvonly,
    CTLFLAG_RW, &ippr_ftp_pasvonly, 0, "");
SYSCTL_INT(_net_inet_ipf, OID_AUTO, fr_minttl,
    CTLFLAG_RW, &fr_minttl, 0, "");
SYSCTL_INT(_net_inet_ipf, OID_AUTO, fr_minttllog,
    CTLFLAG_RW, &fr_minttllog, 0, "");
  104: 
/* Character-device major number shared by all ipl device nodes. */
#define CDEV_MAJOR 79

/*
 * Device switch for the ipfilter control and log devices.
 *
 * Only open, close, read and ioctl are backed by ipfilter code; write,
 * poll, mmap, strategy, dump and psize are the kernel's "no*" stubs.
 * Configuration therefore reaches the filter through iplioctl(), and that
 * handler is the entry point to review for argument validation.
 */
static struct cdevsw ipl_cdevsw = {
	"ipl",		/* name */
	CDEV_MAJOR,	/* maj */
	0,		/* flags */
	NULL,		/* port */
	NULL,		/* clone */

	iplopen,	/* open */
	iplclose,	/* close */
	iplread,	/* read */
	nowrite,	/* write */
	iplioctl,	/* ioctl */
	nopoll,		/* poll */
	nommap,		/* mmap */
	nostrategy,	/* strategy */
	nodump,		/* dump */
	nopsize		/* psize */
};
  124: 
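/*
 * Return the last path component of `path': the text following the final
 * '/', or `path' itself when it contains no '/'.  The result points into
 * `path'; nothing is copied or allocated.
 */
static const char *
ipl_devname(const char *path)
{
	const char *name = path;
	const char *p;

	for (p = path; *p != '\0'; p++) {
		if (*p == '/')
			name = p + 1;
	}
	return name;
}

/*
 * Module event handler for the ipfilter KLD.
 *
 * MOD_LOAD:   attach the filter with iplattach(); on success register the
 *             device switch and create the four device nodes (filter log,
 *             NAT, state, auth).
 * MOD_UNLOAD: remove the device switch, then detach the filter.
 * Any other event yields EINVAL.
 *
 * Returns 0 on success or the error from iplattach()/ipldetach().
 *
 * Security notes:
 *  - Every node is created with uid 0, gid 0 and mode 0600, so only the
 *    superuser can open the devices that configure and read the filter.
 *    Do not widen these permissions.
 *  - The device name is passed to make_dev() as a "%s" argument rather
 *    than as the format string itself, so a '%' in a configured name can
 *    never be interpreted as a conversion.
 */
static int
ipfilter_modevent(module_t mod, int type, void *unused)
{
	int error = 0;

	switch (type) {
	case MOD_LOAD:
		error = iplattach();
		if (error)
			break;

		/*
		 * mask/match of 0/0 is passed unchanged from the original.
		 * NOTE(review): the result of cdevsw_add() is not checked;
		 * if it can fail here the filter stays attached without
		 * control devices -- confirm and add a rollback if so.
		 */
		cdevsw_add(&ipl_cdevsw, 0, 0);

		/* Node names are the basenames of the IPL_* device paths. */
		make_dev(&ipl_cdevsw, IPL_LOGIPF, 0, 0, 0600, "%s",
		    ipl_devname(IPL_NAME));
		make_dev(&ipl_cdevsw, IPL_LOGNAT, 0, 0, 0600, "%s",
		    ipl_devname(IPL_NAT));
		make_dev(&ipl_cdevsw, IPL_LOGSTATE, 0, 0, 0600, "%s",
		    ipl_devname(IPL_STATE));
		make_dev(&ipl_cdevsw, IPL_LOGAUTH, 0, 0, 0600, "%s",
		    ipl_devname(IPL_AUTH));
		break;

	case MOD_UNLOAD:
		/*
		 * NOTE(review): the device switch is removed before
		 * ipldetach() is attempted.  If ipldetach() returns an
		 * error the unload fails, but the control devices are
		 * already gone and nothing here recreates them, leaving a
		 * loaded filter that cannot be managed through /dev.
		 * Order kept as in the original -- confirm intended.
		 */
		cdevsw_remove(&ipl_cdevsw, 0, 0);
		error = ipldetach();
		break;

	default:
		error = EINVAL;
		break;
	}
	return error;
}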
  190: 
/*
 * Module registration record: ties the module (named by the IPL_VERSION
 * string) to ipfilter_modevent(), which runs on load and unload events.
 * No private data pointer is passed to the handler.
 */
static moduledata_t ipfiltermod = {
	IPL_VERSION,		/* module name */
	ipfilter_modevent,	/* event handler */
	0			/* handler argument (unused) */
};

/* Register at the SI_SUB_PROTO_DOMAIN stage, with no ordering preference. */
DECLARE_MODULE(ipfilter, ipfiltermod, SI_SUB_PROTO_DOMAIN, SI_ORDER_ANY);