/*
* npf_pfil_register: register pfil(9) hooks.
*/
int
npf_pfil_register(bool init)
{
npf_t *npf = npf_getkernctx();
int error = 0;
mutex_enter(softnet_lock);
KERNEL_LOCK(1, NULL);
/* Init: interface re-config and attach/detach hook. */
if (!npf_ph_if) {
npf_ph_if = pfil_head_get(PFIL_TYPE_IFNET, 0);
if (!npf_ph_if) {
error = ENOENT;
goto out;
}
error = pfil_add_hook(npf_ifhook, NULL,
PFIL_IFADDR | PFIL_IFNET, npf_ph_if);
KASSERT(error == 0);
}
if (init) {
goto out;
}
/* Check if pfil hooks are not already registered. */
if (pfil_registered) {
error = EEXIST;
goto out;
}
/* Capture points of the activity in the IP layer. */
npf_ph_inet = pfil_head_get(PFIL_TYPE_AF, (void *)AF_INET);
npf_ph_inet6 = pfil_head_get(PFIL_TYPE_AF, (void *)AF_INET6);
if (!npf_ph_inet && !npf_ph_inet6) {
error = ENOENT;
goto out;
}
/* Packet IN/OUT handlers for IP layer. */
if (npf_ph_inet) {
error = pfil_add_hook(npf_packet_handler, npf,
PFIL_ALL, npf_ph_inet);
KASSERT(error == 0);
}
if (npf_ph_inet6) {
error = pfil_add_hook(npf_packet_handler, npf,
PFIL_ALL, npf_ph_inet6);
KASSERT(error == 0);
}
pfil_registered = true;
out:
KERNEL_UNLOCK_ONE(NULL);
mutex_exit(softnet_lock);
return error;
}
/*
* npf_pfil_register: register pfil(9) hooks.
*/
int
npf_pfil_register(void)
{
int error;
mutex_enter(softnet_lock);
KERNEL_LOCK(1, NULL);
/* Check if pfil hooks are not already registered. */
if (npf_ph_if) {
error = EEXIST;
goto fail;
}
/* Capture point of any activity in interfaces and IP layer. */
npf_ph_if = pfil_head_get(PFIL_TYPE_IFNET, 0);
npf_ph_inet = pfil_head_get(PFIL_TYPE_AF, AF_INET);
npf_ph_inet6 = pfil_head_get(PFIL_TYPE_AF, AF_INET6);
if (!npf_ph_if || (!npf_ph_inet && !npf_ph_inet6)) {
npf_ph_if = NULL;
error = ENOENT;
goto fail;
}
/* Interface re-config or attach/detach hook. */
error = pfil_add_hook(npf_ifhook, NULL,
PFIL_WAITOK | PFIL_IFADDR | PFIL_IFNET, npf_ph_if);
KASSERT(error == 0);
/* Packet IN/OUT handler on all interfaces and IP layer. */
if (npf_ph_inet) {
error = pfil_add_hook(npf_packet_handler, NULL,
PFIL_WAITOK | PFIL_ALL, npf_ph_inet);
KASSERT(error == 0);
}
if (npf_ph_inet6) {
error = pfil_add_hook(npf_packet_handler, NULL,
PFIL_WAITOK | PFIL_ALL, npf_ph_inet6);
KASSERT(error == 0);
}
fail:
KERNEL_UNLOCK_ONE(NULL);
mutex_exit(softnet_lock);
return error;
}
