[Netadm-devel] gwc/pf pf.c,1.1.1.1,1.2 pf.h,1.1.1.1,1.2 sysioctl.h,1.1.1.1,1.2
Status: Beta
Brought to you by:
linuxpark
Menu
▾
▴
[Netadm-devel] gwc/pf pf.c,1.1.1.1,1.2 pf.h,1.1.1.1,1.2 sysioctl.h,1.1.1.1,1.2
|
From: linuxpark <lin...@us...> - 2006-02-17 06:59:16
|
Update of /cvsroot/netadm/gwc/pf In directory sc8-pr-cvs1.sourceforge.net:/tmp/cvs-serv16776/pf Modified Files: pf.c pf.h sysioctl.h Log Message: MOD: 1. Replace current linkedlist in pf to hashtable for better performance. as there are more rules of pf, the performance will be better than linkedlist. it was inspired by route cache in linux of alan cox's debug flag will print the result of pf. 2. Add IOCTLPF_REFLESH from now, only the rules in GUI or cli of pf will be applied only if user click "apply" or hostpol_apply in cli command. TODO: support subnet in "flow control" Index: pf.h =================================================================== RCS file: /cvsroot/netadm/gwc/pf/pf.h,v retrieving revision 1.1.1.1 retrieving revision 1.2 diff -C2 -d -r1.1.1.1 -r1.2 *** pf.h 30 Jan 2006 17:41:25 -0000 1.1.1.1 --- pf.h 17 Feb 2006 06:59:00 -0000 1.2 *************** *** 13,40 **** #include <linux/udp.h> #include <linux/types.h> #if !defined(PFINFO) ! #define PFINFO "WIBRO_PF" #endif - #ifndef DEVICE_NAME ! #define DEVICE_NAME "pf" #endif - #ifndef KUIO_DEVICE_NAME ! #define KUIO_DEVICE_NAME "pf" #endif ! #define KUIO_MAJOR_NUM 253 ! #define dprintk( fmt, args... ) do { \ ! if ( debug ) \ ! printk("%s: (%s,%s:%d): " fmt, \ ! DEVICE_NAME, __FILE__, __FUNCTION__, __LINE__, ##args); \ ! \ ! printk("%s: " fmt, \ ! DEVICE_NAME, __FILE__, __FUNCTION__, __LINE__, ##args); \ ! } while(0) ! #define LINEDEBUG printk("\n%d\n",__LINE__); static __inline__ int --- 13,63 ---- #include <linux/udp.h> #include <linux/types.h> + #if !defined(PFINFO) ! #define PFINFO "cherokee-pf" #endif #ifndef DEVICE_NAME ! #define DEVICE_NAME "cherokee-pf" #endif #ifndef KUIO_DEVICE_NAME ! #define KUIO_DEVICE_NAME "cherokee-kuio" #endif + #define KUIO_MAJOR_NUM 253 + #define BLOCK_HOST 0x0001 + #define MODIFY_SEQ 0x0002 ! struct host { ! __u32 saddr; ! __u8 type; ! __u32 pktcnt; ! __u32 max_pktrate; ! }; ! struct blk_key{ ! __u32 saddr; ! }; ! struct blk{ ! struct blk *next; ! struct host host; ! struct blk_key key; ! }; ! ! struct blk_hash_bucket{ ! struct blk *chain; ! spinlock_t lock; ! }__attribute__((aligned (8))); ! ! unsigned blk_hash_mask; ! ! static __inline__ unsigned blk_hash_code (u32 saddr) { ! u32 daddr = 0x1289CD94; ! u8 tos = 0x07; ! ! unsigned hash = ((daddr & 0xF0F0F0F0) >> 4) | ((daddr & 0x0F0F0F0F) << 4); ! hash ^= saddr ^ tos; ! hash ^= (hash >> 16); ! return (hash ^ (hash >> 8)) & blk_hash_mask; ! } static __inline__ int *************** *** 91,93 **** --- 114,122 ---- } + #define dprintk( fmt, args... ) do { \ + if ( debug ) \ + printk("%s: [%s:%d] " fmt, \ + DEVICE_NAME, __FUNCTION__, __LINE__, ##args); \ + } while(0) + #endif /* __ASRV_PFILTER_H */ Index: pf.c =================================================================== RCS file: /cvsroot/netadm/gwc/pf/pf.c,v retrieving revision 1.1.1.1 retrieving revision 1.2 diff -C2 -d -r1.1.1.1 -r1.2 *** pf.c 30 Jan 2006 17:41:25 -0000 1.1.1.1 --- pf.c 17 Feb 2006 06:59:00 -0000 1.2 *************** *** 44,160 **** #include "sysioctl.h" ! static int debug_pf __initdata = 0; ! /* X86 list accelator */ ! #ifndef container_of ! #define container_of(ptr, type, member) ({ \ ! const typeof( ((type *)0)->member ) *__mptr = (ptr); \ ! (type *)( (char *)__mptr - offsetof(type,member) );}) #endif ! /* ! * 2.6.x does not include this macro so i port here ! */ ! #define BLOCK_HOST 0x0001 ! #define MODIFY_SEQ 0x0002 ! struct host { ! struct list_head list; ! __u32 ip; ! __u8 type; ! __u32 pktcnt; ! __u32 max_pktrate; ! }; ! static struct rw_semaphore srclist_mutex; ! static rwlock_t srclist_lock; ! static struct list_head srclist = LIST_HEAD_INIT(srclist); ! #define PLIST(a, b, c, s) do { \ ! printk("%s\n", s); \ ! list_for_each_entry (a, &b, c) { \ ! printk("Registered Src: %u.%u.%u.%u\n", NIPQUAD(a->ip)); \ ! } \ ! }while(0) ! static int kuio_rdopen = 0; ! static int kuio_wdopen = 0; ! static struct nf_hook_ops wibro_iphook; ! static struct timer_list pc_alz; ! static void set_timer(void); ! static void ! update_pktcnt(unsigned long ptr) ! { ! struct host *hp; ! read_lock(&srclist_lock); ! list_for_each_entry(hp, &srclist, list) { ! hp->pktcnt = 0; ! } ! read_unlock(&srclist_lock); ! set_timer(); } ! static void ! set_timer(void) ! { ! pc_alz.function = update_pktcnt; ! pc_alz.data = 0; ! pc_alz.expires = jiffies + HZ; ! add_timer(&pc_alz); } ! static unsigned int ! wibro_ip_hook_func(unsigned int hooknum, ! struct sk_buff **skb, ! const struct net_device *in, ! const struct net_device *out, int (*okfn) (struct sk_buff *)) { ! struct sk_buff *sb = *skb; ! const struct iphdr *ip = sb->nh.iph; ! struct tcphdr *tcph; ! struct host *hp; ! /* down_read(&srclist_mutex); */ ! read_lock(&srclist_lock); ! list_for_each_entry(hp, &srclist, list) { ! if (sb->nh.iph->saddr == hp->ip) { ! if (hp->type == BLOCK_HOST) { /* block host */ ! /* up_read(&srclist_mutex); */ ! if (!hp->max_pktrate ! || hp->pktcnt > hp->max_pktrate) { ! printk ! ("%s: [Drop | SFlow Control] %u.%u.%u.%u [%d/%d] \n", ! DEVICE_NAME, NIPQUAD(hp->ip), ! hp->pktcnt, hp->max_pktrate); ! ++hp->pktcnt; ! read_unlock(&srclist_lock); ! return NF_DROP; ! } ! ++hp->pktcnt; ! } else { /* modify seq */ ! if (ip->protocol == IPPROTO_TCP) { ! tcph = ! (void *) (sb)->data + ! sb->nh.iph->ihl * 4; ! tcph->seq += 3; ! printk ! ("%s: [Modify TCP seq] %u.%u.%u.%u old seq : 0x%x, new seq 0x%x\n", ! DEVICE_NAME, NIPQUAD(hp->ip), ! tcph->seq - 3, tcph->seq); ! } ! } ! } } - /* up_read(&srclist_mutex); */ - read_unlock(&srclist_lock); ! return NF_ACCEPT; } --- 44,334 ---- #include "sysioctl.h" ! static int debug __initdata = 0; ! static int kuio_rdopen = 0; ! static int kuio_wdopen = 0; ! static struct nf_hook_ops iphook_tab; ! static struct timer_list pc_alz; ! static void set_timer(void); ! ! /* block list hash table */ ! static struct blk_hash_bucket *blk_hash_table; ! static kmem_cache_t *kmem_cachep; ! ! static int blk_intern_hash(unsigned hash, struct blk *blk) ! { ! struct blk *blkh, **blkhp; ! int chain_length = 0; ! ! blkhp = &blk_hash_table[hash].chain; ! ! spin_lock (&blk_hash_table[hash].lock); ! while( (blkh = *blkhp) != NULL){ ! ! if( blkh->key.saddr == blk->key.saddr ){ ! *blkhp = blkh->next; ! blkh->next = blk_hash_table[hash].chain; ! blk_hash_table[hash].chain = blkh; ! /* need jiffies ?*/ ! spin_unlock(&blk_hash_table[hash].lock); ! *blkhp = blkh; ! printk("%s:%s: We meet any collision\n", DEVICE_NAME, __FUNCTION__); ! return -1; ! } ! ! chain_length++; ! printk("%s: chain length(%d)\n", DEVICE_NAME, chain_length); ! blkhp = &blkh->next; ! } ! ! blk_hash_table[hash].chain=blk; ! spin_unlock(&blk_hash_table[hash].lock); ! return 1; ! } ! ! static struct blk *blk_alloc( void ){ ! struct blk *blknode; ! ! blknode = kmem_cache_alloc(kmem_cachep, in_interrupt()? SLAB_ATOMIC:SLAB_KERNEL); ! if (!blknode) { ! printk("%s: Failed to alloc blk from cache mem\n", DEVICE_NAME); ! return NULL; ! } ! ! memset (blknode, 0, sizeof (struct blk)); ! return blknode; ! #if 0 ! new->host = (struct host *) kmalloc(sizeof (struct host), ! in_interrupt()? GFP_ATOMIC : GFP_KERNEL); ! if (!new->host) { ! printk("%s: Failed to alloc host\n", DEVICE_NAME); ! return NULL; ! } ! #endif ! } ! ! static int free_blk_hash_table(void){ ! struct blk *blkh, **blkhp; ! int i; ! ! for( i = 0; i <= blk_hash_mask; i++){ ! blkhp = &blk_hash_table[i].chain; ! ! spin_lock(&blk_hash_table[i].lock); ! while( (blkh = *blkhp) != NULL){ ! blkhp = &blkh->next; ! #if 0 ! kfree (blkh->host); /* FIXME */ #endif + printk("kmem_cache_free\n"); + kmem_cache_free(kmem_cachep, blkh); + } + spin_unlock(&blk_hash_table[i].lock); + } ! if ( kmem_cache_destroy(kmem_cachep) ) { ! printk ("%s: Failed to destroy cache memory\n", DEVICE_NAME); ! return -1; ! } else { ! printk ("%s: Success to destroy cache memory\n", DEVICE_NAME); ! } ! return 1; ! } ! static void update_pktcnt( unsigned long ptr ){ ! struct blk *blkh, **blkhp; ! int i; ! for( i = 0; i <= blk_hash_mask; i++){ ! ! spin_lock(&blk_hash_table[i].lock); ! blkhp = &blk_hash_table[i].chain; ! while( (blkh = *blkhp) != NULL){ ! dprintk(""); ! blkh->host.pktcnt = 0; ! blkhp = &blkh->next; ! dprintk(""); ! printk ("%s: update packet count of (%u.%u.%u.%u)\n", ! DEVICE_NAME, NIPQUAD(blkh->host.saddr)); ! } ! spin_unlock(&blk_hash_table[i].lock); ! } ! set_timer(); ! } ! static int register_host( u32 saddr, u8 type, u32 max_pktrate){ ! struct blk *key_hp; ! int ret; ! unsigned hash; ! key_hp = blk_alloc(); ! if(!key_hp) { ! printk("%s : %s Failed to blk_alloc\n",DEVICE_NAME, __FUNCTION__ ); ! return -1; ! } ! key_hp->key.saddr = key_hp->host.saddr = saddr; ! key_hp->host.type = type; ! key_hp->host.pktcnt = 0; ! key_hp->host.max_pktrate = max_pktrate; ! hash = blk_hash_code(key_hp->key.saddr); ! return ret = blk_intern_hash (hash, key_hp); } ! static int unregister_host (u32 saddr) { ! struct blk *blkh, *pre_blkh; ! unsigned hash; ! dprintk(""); ! hash = blk_hash_code(saddr); ! ! dprintk(""); ! spin_lock(&blk_hash_table[hash].lock); ! pre_blkh = blk_hash_table[hash].chain; ! blkh = pre_blkh->next; ! ! dprintk(""); ! while ( (saddr != blkh->key.saddr) && blkh != NULL) { ! dprintk(""); ! pre_blkh = pre_blkh->next; ! blkh = pre_blkh->next; ! } ! ! if (blkh == NULL) { ! dprintk(""); ! spin_unlock(&blk_hash_table[hash].lock); ! printk ("%s: There is no such host %u.%u.%u.%u\n", DEVICE_NAME, NIPQUAD(saddr)); ! return -1; ! } ! ! dprintk(""); ! pre_blkh->next = blkh->next; ! kmem_cache_free( kmem_cachep, blkh); ! spin_unlock(&blk_hash_table[hash].lock); ! printk ("%s: Successfully unregistered host %u.%u.%u.%u\n", DEVICE_NAME, NIPQUAD(saddr)); ! return 1; } ! static int find_host (u32 saddr) { ! struct blk *blkh; ! unsigned hash; ! ! hash = blk_hash_code(saddr); ! ! spin_lock(&blk_hash_table[hash].lock); ! for( blkh = blk_hash_table[hash].chain; blkh; blkh = blkh->next){ ! ! if ( blkh->key.saddr == saddr ) { ! spin_unlock(&blk_hash_table[hash].lock); ! return 1; ! } ! } ! spin_unlock(&blk_hash_table[hash].lock); ! return -1; ! } ! ! static int init_blk_hash_table( void ){ ! int goal, order, i; ! ! kmem_cachep = kmem_cache_create("cherokee-pf", sizeof(struct blk), 0, SLAB_HWCACHE_ALIGN, NULL, NULL); ! if(!kmem_cachep){ ! printk("%s: Failed to allocate block_host_cache\n", DEVICE_NAME); ! ! if (kmem_cache_destroy(kmem_cachep)) ! printk("%s: Not all blk_hash's were freed\n", DEVICE_NAME); ! ! return -1; ! } ! ! goal = num_physpages >> (26 - PAGE_SHIFT); ! for(order=0; (1UL<<order)<goal; order++); ! ! do{ ! blk_hash_mask=(1UL<<order)*PAGE_SIZE / sizeof(struct blk_hash_bucket); ! ! while(blk_hash_mask & (blk_hash_mask-1)) ! blk_hash_mask--; ! ! blk_hash_table = (struct blk_hash_bucket*)__get_free_pages(GFP_ATOMIC, order); ! ! }while( blk_hash_table==NULL && --order > 0 ); ! ! printk("%s: num_physpages (%ld) PAGE_SHIFT (%d) goad(%d) blk_hash_mask(%x)\n", ! DEVICE_NAME, num_physpages, PAGE_SHIFT, goal, blk_hash_mask); ! ! if(!blk_hash_table) { ! printk("%s: Failed to alloc blk hash table\n",DEVICE_NAME); ! } else { ! printk("%s: blk_hash_table of %u buckets, %ldKbytes\n", ! DEVICE_NAME, blk_hash_mask, ! (long)(blk_hash_mask * sizeof(struct blk_hash_bucket))/1024); ! } ! ! blk_hash_mask--; ! for( i = 0; i <= blk_hash_mask; i++ ){ ! spin_lock_init (&blk_hash_table[i].lock); ! blk_hash_table[i].chain=NULL; ! } ! ! printk("%s: Success to initialize blk hash table \n",DEVICE_NAME); ! return 1; ! } ! ! static void set_timer(void) { ! pc_alz.function = update_pktcnt; ! pc_alz.data = 0; ! pc_alz.expires = jiffies + HZ; ! add_timer(&pc_alz); ! } ! static unsigned int ! ip_hook_func (unsigned int hooknum, ! struct sk_buff **skb, ! const struct net_device *in, ! const struct net_device *out, int (*okfn) (struct sk_buff *)) ! { ! struct sk_buff *sb = *skb; ! const struct iphdr *ip = sb->nh.iph; ! struct tcphdr *tcph; ! struct blk *blkh; ! struct host *hp; ! unsigned hash; ! hash = blk_hash_code(ip->saddr); ! spin_lock (&blk_hash_table[hash].lock); ! for( blkh = blk_hash_table[hash].chain; blkh; blkh = blkh->next){ ! if ( blkh->key.saddr == ip->saddr ) { ! hp = &blkh->host; ! ! if (hp->type == BLOCK_HOST) { ! ! /* Block host or Flow control */ ! if (!hp->max_pktrate || hp->pktcnt > hp->max_pktrate) { ! ++hp->pktcnt; ! dprintk("Drop | SFlow Control %u.%u.%u.%u [%d/%d] \n", ! NIPQUAD(hp->saddr), hp->pktcnt, hp->max_pktrate); ! spin_unlock (&blk_hash_table[hash].lock); ! return NF_DROP; } ! ++hp->pktcnt; ! } else { ! /* modify TCP seq */ ! if (ip->protocol == IPPROTO_TCP) { ! tcph =(void *) (sb)->data +sb->nh.iph->ihl * 4; ! tcph->seq += 3; ! dprintk("[Modify TCP seq] %u.%u.%u.%u old seq : 0x%x, new seq 0x%x\n", ! NIPQUAD(hp->saddr),tcph->seq - 3, tcph->seq); ! } ! } ! } ! } ! spin_unlock (&blk_hash_table[hash].lock); ! return NF_ACCEPT; } *************** *** 207,373 **** unsigned int cmd, unsigned long arg) { ! wibro_kuio_msg_t kuio_msg, *pmsg = &kuio_msg; #if 0 ! int err; #endif ! int size; ! unsigned long flags; ! int found = 0; ! struct host *hp; ! struct host *new; ! int ret; ! __u32 src; ! __u32 max_pktrate; ! if (_IOC_TYPE(cmd) != IOCTLWIBRO_MAGIC) ! return -EINVAL; ! if (_IOC_NR(cmd) >= IOCTLWIBRO_MAXNR) ! return -EINVAL; ! size = sizeof (wibro_kuio_msg_t); ! #if 0/* get rid of verify_area */ ! if (size) { ! err = 0; ! if (_IOC_DIR(cmd) & _IOC_WRITE) ! err = verify_area(VERIFY_READ, (void *) arg, size); ! if (err) ! return err; ! } ! #endif ! switch (cmd) { ! case IOCTLWIBRO_REGISTER_SRCBLOCK: ! ret = copy_from_user((void *) pmsg, (const void *) arg, size); ! src = (pmsg->ip); ! max_pktrate = (pmsg->max_pktrate); ! /* register host and block flag */ ! down_write(&srclist_mutex); ! list_for_each_entry(hp, &srclist, list) { ! if (hp->ip == src) { ! if (hp->type == BLOCK_HOST) { ! printk ! ("%s: [BLOCK] %u.%u.%u.%u is already registered\n", ! DEVICE_NAME, NIPQUAD(hp->ip)); ! up_write(&srclist_mutex); ! return -EBADSLT; ! } else { ! write_lock_irqsave(&srclist_lock, ! flags); ! hp->type = BLOCK_HOST; ! write_unlock_irqrestore(&srclist_lock, ! flags); ! printk ! ("%s: [SEQ->BLOCK] %u.%u.%u.%u was successfully updated\n", ! DEVICE_NAME, NIPQUAD(hp->ip)); ! found = 1; ! break; ! } ! } ! } ! if (!found) { ! new = (struct host *) kmalloc(sizeof (struct host), ! in_interrupt()? GFP_ATOMIC ! : GFP_KERNEL); ! if (!new) { ! printk("%s: Fail to malloc\n", DEVICE_NAME); ! up_write(&srclist_mutex); ! return -EFAULT; ! } ! new->ip = src; ! new->type = BLOCK_HOST; ! new->pktcnt = 0; ! new->max_pktrate = max_pktrate; ! write_lock_irqsave(&srclist_lock, flags); ! list_add(&new->list, &srclist); ! write_unlock_irqrestore(&srclist_lock, flags); ! printk("%s: %u.%u.%u.%u successfully inserted\n", ! DEVICE_NAME, NIPQUAD(src)); ! } ! up_write(&srclist_mutex); ! break; ! case IOCTLWIBRO_REGISTER_MODSEQ: ! ret = copy_from_user((void *) pmsg, (const void *) arg, size); ! src = (pmsg->ip); ! /* register host and seq flag */ ! down_write(&srclist_mutex); ! list_for_each_entry(hp, &srclist, list) { ! if (hp->ip == src) { ! if (hp->type == MODIFY_SEQ) { ! printk ! ("%s: [SEQK] %u.%u.%u.%u is already registered\n", ! DEVICE_NAME, NIPQUAD(src)); ! up_write(&srclist_mutex); ! return -EBADSLT; ! } else { ! write_lock_irqsave(&srclist_lock, ! flags); ! hp->type = MODIFY_SEQ; ! write_unlock_irqrestore(&srclist_lock, ! flags); ! printk ! ("%s: [SEQ->BLOCK] %u.%u.%u.%u was successfully updated\n", ! DEVICE_NAME, NIPQUAD(src)); ! found = 1; ! break; ! } ! } ! } ! if (!found) { ! new = (struct host *) kmalloc(sizeof (struct host), ! in_interrupt()? GFP_ATOMIC ! : GFP_KERNEL); ! if (!new) { ! printk("%s: Fail to malloc\n", DEVICE_NAME); ! up_write(&srclist_mutex); ! return -EFAULT; ! } ! new->ip = src; ! new->type = MODIFY_SEQ; ! write_lock_irqsave(&srclist_lock, flags); ! list_add(&new->list, &srclist); ! write_unlock_irqrestore(&srclist_lock, flags); ! printk("%s: %u.%u.%u.%u successfully inserted\n", ! DEVICE_NAME, NIPQUAD(src)); ! } ! up_write(&srclist_mutex); ! break; ! case IOCTLWIBRO_UNREGISTER_HOST: ! ret = copy_from_user((void *) pmsg, (const void *) arg, size); ! src = (pmsg->ip); ! /* unregister host */ ! down_write(&srclist_mutex); ! list_for_each_entry(hp, &srclist, list) { ! if (hp->ip == src) { ! found = 1; ! break; ! } ! } ! if (found) { ! /* remove host */ ! write_lock_irqsave(&srclist_lock, flags); ! list_del(&hp->list); ! write_unlock_irqrestore(&srclist_lock, flags); ! printk("%s: successfully removed (%u.%u.%u.%u)\n", ! DEVICE_NAME, NIPQUAD(src)); ! kfree(hp); ! } else { ! /* no such host */ ! printk("%s: There is no such host(%u.%u.%u.%u)\n", ! DEVICE_NAME, NIPQUAD(src)); ! up_write(&srclist_mutex); ! return -EBADSLT; ! } ! up_write(&srclist_mutex); ! break; } ! return 0; } --- 381,475 ---- unsigned int cmd, unsigned long arg) { ! kuio_msg_t kuio_msg, *pmsg = &kuio_msg; #if 0 ! int err; #endif ! int size; ! int ret; ! __u32 src; ! __u32 max_pktrate; ! if (_IOC_TYPE(cmd) != IOCTLPF_MAGIC) ! return -EINVAL; ! if (_IOC_NR(cmd) >= IOCTLPF_MAXNR) ! return -EINVAL; ! size = sizeof (kuio_msg_t); ! #if 0/* get rid of verify_area it may be obsolete from 2.6.x */ ! ! if (size) { ! err = 0; ! ! if (_IOC_DIR(cmd) & _IOC_WRITE) ! err = verify_area(VERIFY_READ, (void *) arg, size); ! ! if (err) ! return err; ! } ! #endif ! switch (cmd) { ! case IOCTLPF_REGISTER_SRCBLOCK: ! ret = copy_from_user((void *) pmsg, (const void *) arg, size); ! src = (pmsg->ip); ! max_pktrate = (pmsg->max_pktrate); ! /* register host and seq flag */ ! if ( find_host (src) > 0 ) { ! printk ("%s: %u.%u.%u.%u was already registered\n", DEVICE_NAME, NIPQUAD(src)); ! return -EBADSLT; ! ! } else { ! if ( register_host (src, BLOCK_HOST, max_pktrate) < 0 ) { ! return -EFAULT; ! } ! else ! printk ("%s: Success to register %u.%u.%u.%u\n", DEVICE_NAME, NIPQUAD(src)); ! } ! ! break; ! case IOCTLPF_REGISTER_MODSEQ: ! ! ret = copy_from_user((void *) pmsg, (const void *) arg, size); ! src = (pmsg->ip); ! /* register host and seq flag */ ! if ( find_host (src) > 0 ) { ! printk ("%s: %u.%u.%u.%u was already registered\n", DEVICE_NAME, NIPQUAD(src)); ! return -EBADSLT; ! ! } else { ! ! if ( register_host (src, MODIFY_SEQ, 0) < 0 ) { ! return -EFAULT; } + else + printk ("%s: Success to register %u.%u.%u.%u\n", DEVICE_NAME, NIPQUAD(src)); + } ! break; ! ! case IOCTLPF_UNREGISTER_HOST: ! ! ret = copy_from_user((void *) pmsg, (const void *) arg, size); ! src = (pmsg->ip); ! ! ret = unregister_host (src); ! if ( ret < 0 ) ! return -EFAULT; ! ! break; ! ! case IOCTLPF_REFLESH: ! free_blk_hash_table(); ! init_blk_hash_table(); ! break; ! } ! return 0; } *************** *** 375,379 **** device_read(struct file *filp, char *buf, size_t count, loff_t * f_pos) { ! return -EFAULT; } --- 477,481 ---- device_read(struct file *filp, char *buf, size_t count, loff_t * f_pos) { ! return -EFAULT; } *************** *** 381,385 **** device_write(struct file *filp, const char *buf, size_t count, loff_t * f_pos) { ! return -EFAULT; } --- 483,487 ---- device_write(struct file *filp, const char *buf, size_t count, loff_t * f_pos) { ! return -EFAULT; } *************** *** 396,412 **** init_kuio(void) { - int ret; - printk("%s: Loading kernel vs user IO module ... \n", KUIO_DEVICE_NAME); ! if ((ret = ! register_chrdev(KUIO_MAJOR_NUM, KUIO_DEVICE_NAME, ! &device_fops)) < 0) { ! printk("%s: Registration failed (%d)\n", KUIO_DEVICE_NAME, ret); ! return ret; ! } ! printk("%s: Registered with major Number = %d\n", KUIO_DEVICE_NAME, ! KUIO_MAJOR_NUM); ! return 0; } --- 498,513 ---- init_kuio(void) { ! int ret; ! printk("%s: Loading kernel vs user IO module ... \n", KUIO_DEVICE_NAME); ! if ((ret = register_chrdev(KUIO_MAJOR_NUM, KUIO_DEVICE_NAME,&device_fops)) < 0) { ! ! printk("%s: Registration failed (%d)\n", KUIO_DEVICE_NAME, ret); ! return ret; ! } ! ! printk("%s: Registered with major Number = %d\n", KUIO_DEVICE_NAME,KUIO_MAJOR_NUM); ! return 0; } *************** *** 414,423 **** exit_kuio(void) { ! int ret; ! ! printk("%s: Unloading kernel vs user I/O module\n", KUIO_DEVICE_NAME); ! if ((ret = unregister_chrdev(KUIO_MAJOR_NUM, KUIO_DEVICE_NAME)) < 0) ! printk("%s: Device unregistration failed (%d)\n", ! KUIO_DEVICE_NAME, ret); } --- 515,523 ---- exit_kuio(void) { ! int ret; ! ! printk("%s: Unloading kernel vs user I/O module\n", DEVICE_NAME); ! if ((ret = unregister_chrdev(KUIO_MAJOR_NUM, DEVICE_NAME)) < 0) ! printk("%s: Device unregistration failed (%d)\n", DEVICE_NAME, ret); } *************** *** 425,437 **** init_pf(void) { ! printk("%s: Start pf modules ...\n", DEVICE_NAME); ! wibro_iphook.hook = wibro_ip_hook_func; ! wibro_iphook.hooknum = NF_IP_PRE_ROUTING; ! wibro_iphook.pf = PF_INET; ! wibro_iphook.priority = NF_IP_PRI_FIRST; ! nf_register_hook(&wibro_iphook); ! ! return 0; } --- 525,536 ---- init_pf(void) { + printk("%s: Register nfhook ...\n", DEVICE_NAME); + iphook_tab.hook = ip_hook_func; + iphook_tab.hooknum = NF_IP_PRE_ROUTING; + iphook_tab.pf = PF_INET; + iphook_tab.priority = NF_IP_PRI_FIRST; + nf_register_hook(&iphook_tab); ! return 0; } *************** *** 439,493 **** exit_pf(void) { ! ! printk("%s: Unloading pf modules...\n", DEVICE_NAME); ! nf_unregister_hook(&wibro_iphook); ! ! return 0; } static int __init ! wibro_nf_iphook_init(void) { ! printk("%s: Loading %s module ...\n", DEVICE_NAME, DEVICE_NAME); ! init_pf(); ! init_kuio(); ! rwlock_init(&srclist_lock); ! init_rwsem(&srclist_mutex); ! init_timer(&pc_alz); ! set_timer(); ! return 0; ! } ! static void ! free_src_list(void) ! { ! struct host *dp; ! while (!list_empty(&srclist)) { ! struct list_head *tmp; ! list_for_each(tmp, &srclist) { ! dp = list_entry(tmp, struct host, list); ! list_del(&dp->list); ! kfree(dp); ! break; ! } ! } } static void __exit ! wibro_nf_iphook_exit(void) { ! ! printk("%s: Unloading %s modules...\n", DEVICE_NAME, DEVICE_NAME); ! exit_pf(); ! exit_kuio(); ! del_timer(&pc_alz); ! free_src_list(); } ! module_init(wibro_nf_iphook_init); ! module_exit(wibro_nf_iphook_exit); ! module_param(debug_pf, int, 0444); ! MODULE_PARM_DESC(debug_pf, "enable pfilter debug output (default 0 off)"); MODULE_LICENSE("Dual BSD/GPL"); MODULE_AUTHOR("jeho park <par...@ho...>"); --- 538,579 ---- exit_pf(void) { ! printk("%s: Unregister nfhook modules...\n", DEVICE_NAME); ! nf_unregister_hook(&iphook_tab); ! return 0; } static int __init ! cherokee_pf_init(void) { ! printk("%s: Loading %s module ...\n", DEVICE_NAME, DEVICE_NAME); ! if ( init_blk_hash_table() < 0 ) { ! return 0; ! } ! init_pf(); ! init_kuio(); ! init_timer(&pc_alz); ! set_timer(); ! return 0; } static void __exit ! cherokee_pf_exit(void) { ! printk("%s: Unloading %s modules...\n", DEVICE_NAME, DEVICE_NAME); ! exit_pf(); ! ! if ( free_blk_hash_table() < 0 ) { ! printk ("%s: Failed to free all resources\n", DEVICE_NAME); ! } ! exit_kuio(); ! del_timer(&pc_alz); } ! module_init(cherokee_pf_init); ! module_exit(cherokee_pf_exit); ! module_param(debug, int, 0444); ! MODULE_PARM_DESC(debug, "enable pfilter debug output (default 0 off)"); MODULE_LICENSE("Dual BSD/GPL"); MODULE_AUTHOR("jeho park <par...@ho...>"); Index: sysioctl.h =================================================================== RCS file: /cvsroot/netadm/gwc/pf/sysioctl.h,v retrieving revision 1.1.1.1 retrieving revision 1.2 diff -C2 -d -r1.1.1.1 -r1.2 *** sysioctl.h 30 Jan 2006 17:41:25 -0000 1.1.1.1 --- sysioctl.h 17 Feb 2006 06:59:00 -0000 1.2 *************** *** 9,26 **** #ident "@(#) $Header$" ! #ifndef _IOCTLWIBRO_H_ ! #define _IOCTLWIBRO_H_ ! #define IOCTLWIBRO_MAGIC 't' typedef struct { __u32 ip; __u32 max_pktrate; ! } __attribute__ ((packed)) wibro_kuio_msg_t; ! #define IOCTLWIBRO_REGISTER_SRCBLOCK _IO (IOCTLWIBRO_MAGIC, 0) ! #define IOCTLWIBRO_REGISTER_MODSEQ _IO (IOCTLWIBRO_MAGIC, 1) ! #define IOCTLWIBRO_UNREGISTER_HOST _IO (IOCTLWIBRO_MAGIC, 2) ! #define IOCTLWIBRO_MAXNR 3 ! #endif /* _IOCTLWIBRO_H_ */ --- 9,27 ---- #ident "@(#) $Header$" ! #ifndef _IOCTLPF_H_ ! #define _IOCTLPF_H_ ! #define IOCTLPF_MAGIC 't' typedef struct { __u32 ip; __u32 max_pktrate; ! } __attribute__ ((packed)) kuio_msg_t; ! #define IOCTLPF_REGISTER_SRCBLOCK _IO (IOCTLPF_MAGIC, 0) ! #define IOCTLPF_REGISTER_MODSEQ _IO (IOCTLPF_MAGIC, 1) ! #define IOCTLPF_UNREGISTER_HOST _IO (IOCTLPF_MAGIC, 2) ! #define IOCTLPF_REFLESH _IO (IOCTLPF_MAGIC, 3) ! #define IOCTLPF_MAXNR 4 ! #endif /* _IOCTLPF_H_ */ |
