X-Git-Url: http://git.onelab.eu/?a=blobdiff_plain;f=dummynet%2Fipfw2_mod.c;h=667d48725ea9f3892faeed2ed50aacef454c52b7;hb=31b969263c34f46f398eec33c0b0e95947842cda;hp=ee4eebac8a464bf5872af1620914bba0a1e56c02;hpb=f1a44f1ebacf274e0f35970bfc8ee5aa07aa9aca;p=ipfw.git

diff --git a/dummynet/ipfw2_mod.c b/dummynet/ipfw2_mod.c
index ee4eeba..667d487 100644
--- a/dummynet/ipfw2_mod.c
+++ b/dummynet/ipfw2_mod.c
@@ -49,6 +49,8 @@
 #include <sys/mbuf.h>			/* sizeof struct mbuf */
 #include <sys/param.h>			/* NGROUPS */
 
+#include "missing.h"
+
 #ifdef __linux__
 #include <linux/module.h>
 #include <linux/kernel.h>
@@ -69,16 +71,30 @@
 #include <netinet/ip_fw.h>		/* ip_fw_ctl_t, ip_fw_chk_t */
 #include <netinet/ip_dummynet.h>	/* ip_dn_ctl_t, ip_dn_io_t */
 #include <net/pfil.h>			/* PFIL_IN, PFIL_OUT */
+#if LINUX_VERSION_CODE < KERNEL_VERSION(2,6,0)
+#warning --- inet_hashtables not present on 2.4
+#include <linux/tcp.h>
+#include <net/route.h>
+#include <net/sock.h>
+static inline int inet_iif(const struct sk_buff *skb)
+{
+        return ((struct rtable *)skb->dst)->rt_iif;
+}
+
+#else
 #include <net/inet_hashtables.h>	/* inet_lookup */
+#endif
 #include <net/route.h>			/* inet_iif */
 
 /*
  * Here we allocate some global variables used in the firewall.
  */
-ip_dn_ctl_t    *ip_dn_ctl_ptr;
+//ip_dn_ctl_t    *ip_dn_ctl_ptr;
+int (*ip_dn_ctl_ptr)(struct sockopt *);
+
 ip_fw_ctl_t    *ip_fw_ctl_ptr;
 
-ip_dn_io_t     *ip_dn_io_ptr;
+int	(*ip_dn_io_ptr)(struct mbuf **m, int dir, struct ip_fw_args *fwa);
 ip_fw_chk_t    *ip_fw_chk_ptr;
 
 void		(*bridge_dn_p)(struct mbuf *, struct ifnet *);
@@ -99,19 +115,6 @@ struct mod_args {
 static unsigned int mod_idx;
 static struct mod_args mods[10];	/* hard limit to 10 modules */
 
-/*
- * Data structure to cache our ucred related
- * information. This structure only gets used if
- * the user specified UID/GID based constraints in
- * a firewall rule.
- */
-struct ip_fw_ugid {
-	gid_t           fw_groups[NGROUPS];
-	int             fw_ngroups;
-	uid_t           fw_uid;
-	int             fw_prid;
-};
-
 /*
  * my_mod_register should be called automatically as the init
  * functions in the submodules. Unfortunately this compiler/linker
@@ -486,12 +489,16 @@ extern struct inet_hashinfo tcp_hashinfo;
 int
 linux_lookup(const int proto, const __be32 saddr, const __be16 sport,
 		const __be32 daddr, const __be16 dport,
-		struct sk_buff *skb, int dir, struct ip_fw_ugid *ugp)
+		struct sk_buff *skb, int dir, struct bsd_ucred *u)
 {
+#if LINUX_VERSION_CODE <= KERNEL_VERSION(2,6,0)
+	return -1;
+#else
 	struct sock *sk;
 	int ret = -1;	/* default return value */
 	int st = -1;	/* state */
 
+
 	if (proto != IPPROTO_TCP)	/* XXX extend for UDP */
 		return -1;
 
@@ -536,10 +543,10 @@ linux_lookup(const int proto, const __be32 saddr, const __be16 sport,
 	ret = 1;	/* retrying won't make things better */
 	st = sk->sk_state;
 #ifdef CONFIG_VSERVER
-	ugp->fw_groups[1] = sk->sk_xid;
-	ugp->fw_groups[2] = sk->sk_nid;
+	u->xid = sk->sk_xid;
+	u->nid = sk->sk_nid;
 #else
-	ugp->fw_groups[1] = ugp->fw_groups[2] = 0;
+	u->xid = u->nid = 0;
 #endif
 	/*
 	 * Exclude tcp states where sk points to a inet_timewait_sock which
@@ -560,15 +567,6 @@ linux_lookup(const int proto, const __be32 saddr, const __be16 sport,
 #define _CURR_GID f_cred->fsgid
 #endif
 
-#ifdef CONFIG_VSERVER
-	ugp->fw_groups[1] = sk->sk_xid;
-	ugp->fw_groups[2] = sk->sk_nid;
-#else
-	ugp->fw_groups[1] =
-	ugp->fw_groups[2] = 0;
-#endif
-	ret = 1;
-
 #define GOOD_STATES (	\
 	(1<<TCP_LISTEN) | (1<<TCP_SYN_RECV)   | (1<<TCP_SYN_SENT)   | \
 	(1<<TCP_ESTABLISHED)  | (1<<TCP_FIN_WAIT1) | (1<<TCP_FIN_WAIT2) )
@@ -577,13 +575,13 @@ linux_lookup(const int proto, const __be32 saddr, const __be16 sport,
 
 	if ((1<<st) & GOOD_STATES) {
 		read_lock_bh(&sk->sk_callback_lock);
-			if (sk->sk_socket && sk->sk_socket->file) {
-				ugp->fw_uid = sk->sk_socket->file->_CURR_UID;
-				ugp->fw_groups[0] = sk->sk_socket->file->_CURR_GID;
-			}
+		if (sk->sk_socket && sk->sk_socket->file) {
+			u->uid = sk->sk_socket->file->_CURR_UID;
+			u->gid = sk->sk_socket->file->_CURR_GID;
+		}
 		read_unlock_bh(&sk->sk_callback_lock);
 	} else {
-		ugp->fw_uid = ugp->fw_groups[0] = 0;
+		u->uid = u->gid = 0;
 	}
 	if (!skb->sk) /* return the reference that came from the lookup */
 		sock_put(sk);
@@ -591,6 +589,8 @@ linux_lookup(const int proto, const __be32 saddr, const __be16 sport,
 #undef _CURR_UID
 #undef _CURR_GID
 	return ret;
+
+#endif /* LINUX > 2.4 */
 }
 
 /*
@@ -665,6 +665,7 @@ static struct nf_hook_ops ipfw_ops[] __read_mostly = {
 extern moduledata_t *moddesc_ipfw;
 extern moduledata_t *moddesc_dummynet;
 
+extern void rn_init(void);
 /*
  * Module glue - init and exit function.
  */
@@ -675,6 +676,8 @@ ipfw_module_init(void)
 
 	printf("%s in-hook %d svn id %s\n", __FUNCTION__, IPFW_HOOK_IN, "$Id$");
 
+	rn_init();
+
 	my_mod_register(moddesc_ipfw, "ipfw",  1);
 	my_mod_register(moddesc_dummynet, "dummynet",  2);
 	init_children();