int in6_detachhead(void **head, int off) { callout_drain(&V_rtq_mtutimer); return (rn_detachhead(head)); }
void ipfw_destroy_tables(struct ip_fw_chain *ch) { uint16_t tbl; struct radix_node_head *rnh; IPFW_WLOCK_ASSERT(ch); for (tbl = 0; tbl < IPFW_TABLES_MAX; tbl++) { ipfw_flush_table(ch, tbl); rnh = ch->tables[tbl]; rn_detachhead((void **)&rnh); } }
int ipfw_flush_table(struct ip_fw_chain *ch, uint16_t tbl) { struct radix_node_head *rnh, *xrnh; if (tbl >= V_fw_tables_max) return (EINVAL); /* * We free both (IPv4 and extended) radix trees and * clear table type here to permit table to be reused * for different type without module reload */ IPFW_WLOCK(ch); /* Set IPv4 table pointer to zero */ if ((rnh = ch->tables[tbl]) != NULL) ch->tables[tbl] = NULL; /* Set extended table pointer to zero */ if ((xrnh = ch->xtables[tbl]) != NULL) ch->xtables[tbl] = NULL; /* Zero table type */ ch->tabletype[tbl] = 0; IPFW_WUNLOCK(ch); if (rnh != NULL) { rnh->rnh_walktree(rnh, flush_table_entry, rnh); rn_detachhead((void **)&rnh); } if (xrnh != NULL) { xrnh->rnh_walktree(xrnh, flush_table_entry, xrnh); rn_detachhead((void **)&xrnh); } return (0); }
int in_detachhead(void **head, int off) { return (rn_detachhead(head)); }
int ipfw_resize_tables(struct ip_fw_chain *ch, unsigned int ntables) { struct radix_node_head **tables, **xtables, *rnh; struct radix_node_head **tables_old, **xtables_old; uint8_t *tabletype, *tabletype_old; unsigned int ntables_old, tbl; /* Check new value for validity */ if (ntables > IPFW_TABLES_MAX) ntables = IPFW_TABLES_MAX; /* Allocate new pointers */ tables = malloc(ntables * sizeof(void *), M_IPFW, M_WAITOK | M_ZERO); xtables = malloc(ntables * sizeof(void *), M_IPFW, M_WAITOK | M_ZERO); tabletype = malloc(ntables * sizeof(uint8_t), M_IPFW, M_WAITOK | M_ZERO); IPFW_WLOCK(ch); tbl = (ntables >= V_fw_tables_max) ? V_fw_tables_max : ntables; /* Copy old table pointers */ memcpy(tables, ch->tables, sizeof(void *) * tbl); memcpy(xtables, ch->xtables, sizeof(void *) * tbl); memcpy(tabletype, ch->tabletype, sizeof(uint8_t) * tbl); /* Change pointers and number of tables */ tables_old = ch->tables; xtables_old = ch->xtables; tabletype_old = ch->tabletype; ch->tables = tables; ch->xtables = xtables; ch->tabletype = tabletype; ntables_old = V_fw_tables_max; V_fw_tables_max = ntables; IPFW_WUNLOCK(ch); /* Check if we need to destroy radix trees */ if (ntables < ntables_old) { for (tbl = ntables; tbl < ntables_old; tbl++) { if ((rnh = tables_old[tbl]) != NULL) { rnh->rnh_walktree(rnh, flush_table_entry, rnh); rn_detachhead((void **)&rnh); } if ((rnh = xtables_old[tbl]) != NULL) { rnh->rnh_walktree(rnh, flush_table_entry, rnh); rn_detachhead((void **)&rnh); } } } /* Free old pointers */ free(tables_old, M_IPFW); free(xtables_old, M_IPFW); free(tabletype_old, M_IPFW); return (0); }
int ipfw_add_table_entry(struct ip_fw_chain *ch, uint16_t tbl, void *paddr, uint8_t plen, uint8_t mlen, uint8_t type, uint32_t value) { struct radix_node_head *rnh, **rnh_ptr; struct table_entry *ent; struct table_xentry *xent; struct radix_node *rn; in_addr_t addr; int offset; void *ent_ptr; struct sockaddr *addr_ptr, *mask_ptr; char c; if (tbl >= V_fw_tables_max) return (EINVAL); switch (type) { case IPFW_TABLE_CIDR: if (plen == sizeof(in_addr_t)) { #ifdef INET /* IPv4 case */ if (mlen > 32) return (EINVAL); ent = malloc(sizeof(*ent), M_IPFW_TBL, M_WAITOK | M_ZERO); ent->value = value; /* Set 'total' structure length */ KEY_LEN(ent->addr) = KEY_LEN_INET; KEY_LEN(ent->mask) = KEY_LEN_INET; /* Set offset of IPv4 address in bits */ offset = OFF_LEN_INET; ent->mask.sin_addr.s_addr = htonl(mlen ? ~((1 << (32 - mlen)) - 1) : 0); addr = *((in_addr_t *)paddr); ent->addr.sin_addr.s_addr = addr & ent->mask.sin_addr.s_addr; /* Set pointers */ rnh_ptr = &ch->tables[tbl]; ent_ptr = ent; addr_ptr = (struct sockaddr *)&ent->addr; mask_ptr = (struct sockaddr *)&ent->mask; #endif #ifdef INET6 } else if (plen == sizeof(struct in6_addr)) { /* IPv6 case */ if (mlen > 128) return (EINVAL); xent = malloc(sizeof(*xent), M_IPFW_TBL, M_WAITOK | M_ZERO); xent->value = value; /* Set 'total' structure length */ KEY_LEN(xent->a.addr6) = KEY_LEN_INET6; KEY_LEN(xent->m.mask6) = KEY_LEN_INET6; /* Set offset of IPv6 address in bits */ offset = OFF_LEN_INET6; ipv6_writemask(&xent->m.mask6.sin6_addr, mlen); memcpy(&xent->a.addr6.sin6_addr, paddr, sizeof(struct in6_addr)); APPLY_MASK(&xent->a.addr6.sin6_addr, &xent->m.mask6.sin6_addr); /* Set pointers */ rnh_ptr = &ch->xtables[tbl]; ent_ptr = xent; addr_ptr = (struct sockaddr *)&xent->a.addr6; mask_ptr = (struct sockaddr *)&xent->m.mask6; #endif } else { /* Unknown CIDR type */ return (EINVAL); } break; case IPFW_TABLE_INTERFACE: /* Check if string is terminated */ c = ((char *)paddr)[IF_NAMESIZE - 1]; ((char *)paddr)[IF_NAMESIZE - 1] = '\0'; if (((mlen = strlen((char *)paddr)) == IF_NAMESIZE - 1) && (c != '\0')) return (EINVAL); /* Include last \0 into comparison */ mlen++; xent = malloc(sizeof(*xent), M_IPFW_TBL, M_WAITOK | M_ZERO); xent->value = value; /* Set 'total' structure length */ KEY_LEN(xent->a.iface) = KEY_LEN_IFACE + mlen; KEY_LEN(xent->m.ifmask) = KEY_LEN_IFACE + mlen; /* Set offset of interface name in bits */ offset = OFF_LEN_IFACE; memcpy(xent->a.iface.ifname, paddr, mlen); /* Assume direct match */ /* TODO: Add interface pattern matching */ #if 0 memset(xent->m.ifmask.ifname, 0xFF, IF_NAMESIZE); mask_ptr = (struct sockaddr *)&xent->m.ifmask; #endif /* Set pointers */ rnh_ptr = &ch->xtables[tbl]; ent_ptr = xent; addr_ptr = (struct sockaddr *)&xent->a.iface; mask_ptr = NULL; break; default: return (EINVAL); } IPFW_WLOCK(ch); /* Check if tabletype is valid */ if ((ch->tabletype[tbl] != 0) && (ch->tabletype[tbl] != type)) { IPFW_WUNLOCK(ch); free(ent_ptr, M_IPFW_TBL); return (EINVAL); } /* Check if radix tree exists */ if ((rnh = *rnh_ptr) == NULL) { IPFW_WUNLOCK(ch); /* Create radix for a new table */ if (!rn_inithead((void **)&rnh, offset)) { free(ent_ptr, M_IPFW_TBL); return (ENOMEM); } IPFW_WLOCK(ch); if (*rnh_ptr != NULL) { /* Tree is already attached by other thread */ rn_detachhead((void **)&rnh); rnh = *rnh_ptr; /* Check table type another time */ if (ch->tabletype[tbl] != type) { IPFW_WUNLOCK(ch); free(ent_ptr, M_IPFW_TBL); return (EINVAL); } } else { *rnh_ptr = rnh; /* * Set table type. It can be set already * (if we have IPv6-only table) but setting * it another time does not hurt */ ch->tabletype[tbl] = type; } } rn = rnh->rnh_addaddr(addr_ptr, mask_ptr, rnh, ent_ptr); IPFW_WUNLOCK(ch); if (rn == NULL) { free(ent_ptr, M_IPFW_TBL); return (EEXIST); } return (0); }