#include <netinet/ip_fw.h> /* ip_fw_ctl_t, ip_fw_chk_t */
#include <netinet/ip_dummynet.h> /* ip_dn_ctl_t, ip_dn_io_t */
#include <net/pfil.h> /* PFIL_IN, PFIL_OUT */
+#if LINUX_VERSION_CODE < KERNEL_VERSION(2,6,0)
+#warning --- inet_hashtables not present on 2.4
+#include <linux/tcp.h>
+#include <net/route.h>
+#include <net/sock.h>
+static inline int inet_iif(const struct sk_buff *skb)
+{
+ return ((struct rtable *)skb->dst)->rt_iif;
+}
+
+#else
#include <net/inet_hashtables.h> /* inet_lookup */
+#endif
#include <net/route.h> /* inet_iif */
/*
static unsigned int mod_idx;
static struct mod_args mods[10]; /* hard limit to 10 modules */
-/*
- * Data structure to cache our ucred related
- * information. This structure only gets used if
- * the user specified UID/GID based constraints in
- * a firewall rule.
- */
-struct ip_fw_ugid {
- gid_t fw_groups[NGROUPS];
- int fw_ngroups;
- uid_t fw_uid;
- int fw_prid;
-};
-
/*
* my_mod_register should be called automatically as the init
* functions in the submodules. Unfortunately this compiler/linker
int
linux_lookup(const int proto, const __be32 saddr, const __be16 sport,
const __be32 daddr, const __be16 dport,
- struct sk_buff *skb, int dir, struct ip_fw_ugid *ugp)
+ struct sk_buff *skb, int dir, struct bsd_ucred *u)
{
+#if LINUX_VERSION_CODE <= KERNEL_VERSION(2,6,0)
+ return -1;
+#else
struct sock *sk;
int ret = -1; /* default return value */
int st = -1; /* state */
+
if (proto != IPPROTO_TCP) /* XXX extend for UDP */
return -1;
ret = 1; /* retrying won't make things better */
st = sk->sk_state;
#ifdef CONFIG_VSERVER
- ugp->fw_groups[1] = sk->sk_xid;
- ugp->fw_groups[2] = sk->sk_nid;
+ u->xid = sk->sk_xid;
+ u->nid = sk->sk_nid;
#else
- ugp->fw_groups[1] = ugp->fw_groups[2] = 0;
+ u->xid = u->nid = 0;
#endif
/*
* Exclude tcp states where sk points to a inet_timewait_sock which
#define _CURR_GID f_cred->fsgid
#endif
-#ifdef CONFIG_VSERVER
- ugp->fw_groups[1] = sk->sk_xid;
- ugp->fw_groups[2] = sk->sk_nid;
-#else
- ugp->fw_groups[1] =
- ugp->fw_groups[2] = 0;
-#endif
- ret = 1;
-
#define GOOD_STATES ( \
(1<<TCP_LISTEN) | (1<<TCP_SYN_RECV) | (1<<TCP_SYN_SENT) | \
(1<<TCP_ESTABLISHED) | (1<<TCP_FIN_WAIT1) | (1<<TCP_FIN_WAIT2) )
if ((1<<st) & GOOD_STATES) {
read_lock_bh(&sk->sk_callback_lock);
- if (sk->sk_socket && sk->sk_socket->file) {
- ugp->fw_uid = sk->sk_socket->file->_CURR_UID;
- ugp->fw_groups[0] = sk->sk_socket->file->_CURR_GID;
- }
+ if (sk->sk_socket && sk->sk_socket->file) {
+ u->uid = sk->sk_socket->file->_CURR_UID;
+ u->gid = sk->sk_socket->file->_CURR_GID;
+ }
read_unlock_bh(&sk->sk_callback_lock);
} else {
- ugp->fw_uid = ugp->fw_groups[0] = 0;
+ u->uid = u->gid = 0;
}
if (!skb->sk) /* return the reference that came from the lookup */
sock_put(sk);
#undef _CURR_UID
#undef _CURR_GID
return ret;
+
+#endif /* LINUX > 2.4 */
}
/*
extern moduledata_t *moddesc_ipfw;
extern moduledata_t *moddesc_dummynet;
+extern void rn_init(void);
/*
* Module glue - init and exit function.
*/
printf("%s in-hook %d svn id %s\n", __FUNCTION__, IPFW_HOOK_IN, "$Id$");
+ rn_init();
+
my_mod_register(moddesc_ipfw, "ipfw", 1);
my_mod_register(moddesc_dummynet, "dummynet", 2);
init_children();