1 /* 2 * Copyright (c) 2008 The DragonFly Project. All rights reserved. 3 * 4 * This code is derived from software contributed to The DragonFly Project 5 * by Sepherosa Ziehau <sepherosa@gmail.com> 6 * 7 * Redistribution and use in source and binary forms, with or without 8 * modification, are permitted provided that the following conditions 9 * are met: 10 * 11 * 1. Redistributions of source code must retain the above copyright 12 * notice, this list of conditions and the following disclaimer. 13 * 2. Redistributions in binary form must reproduce the above copyright 14 * notice, this list of conditions and the following disclaimer in 15 * the documentation and/or other materials provided with the 16 * distribution. 17 * 3. Neither the name of The DragonFly Project nor the names of its 18 * contributors may be used to endorse or promote products derived 19 * from this software without specific, prior written permission. 20 * 21 * THIS SOFTWARE IS PROVIDED BY THE COPYRIGHT HOLDERS AND CONTRIBUTORS 22 * ``AS IS'' AND ANY EXPRESS OR IMPLIED WARRANTIES, INCLUDING, BUT NOT 23 * LIMITED TO, THE IMPLIED WARRANTIES OF MERCHANTABILITY AND FITNESS 24 * FOR A PARTICULAR PURPOSE ARE DISCLAIMED. IN NO EVENT SHALL THE 25 * COPYRIGHT HOLDERS OR CONTRIBUTORS BE LIABLE FOR ANY DIRECT, INDIRECT, 26 * INCIDENTAL, SPECIAL, EXEMPLARY OR CONSEQUENTIAL DAMAGES (INCLUDING, 27 * BUT NOT LIMITED TO, PROCUREMENT OF SUBSTITUTE GOODS OR SERVICES; 28 * LOSS OF USE, DATA, OR PROFITS; OR BUSINESS INTERRUPTION) HOWEVER CAUSED 29 * AND ON ANY THEORY OF LIABILITY, WHETHER IN CONTRACT, STRICT LIABILITY, 30 * OR TORT (INCLUDING NEGLIGENCE OR OTHERWISE) ARISING IN ANY WAY OUT 31 * OF THE USE OF THIS SOFTWARE, EVEN IF ADVISED OF THE POSSIBILITY OF 32 * SUCH DAMAGE. 33 * 34 * $DragonFly: src/sys/net/ipfw/ip_fw2_glue.c,v 1.3 2008/09/13 10:23:39 sephe Exp $ 35 */ 36 37 #include <sys/param.h> 38 #include <sys/socketvar.h> 39 40 #include <net/if.h> 41 #include <net/netisr.h> 42 #include <net/netmsg2.h> 43 44 #include <netinet/in.h> 45 46 #include <net/ipfw/ip_fw2.h> 47 48 ip_fw_chk_t *ip_fw_chk_ptr; 49 ip_fw_dn_io_t *ip_fw_dn_io_ptr; 50 int ip_fw_loaded; 51 int fw_enable = 1; 52 int fw_one_pass = 1; 53 54 static void ip_fw_sockopt_dispatch(netmsg_t msg); 55 56 int 57 ip_fw_sockopt(struct sockopt *sopt) 58 { 59 struct netmsg_base smsg; 60 61 /* 62 * Disallow modifications in really-really secure mode, but still allow 63 * the logging counters to be reset. 64 */ 65 if (sopt->sopt_name == IP_FW_ADD || 66 (sopt->sopt_dir == SOPT_SET && sopt->sopt_name != IP_FW_RESETLOG)) { 67 if (securelevel >= 3) 68 return EPERM; 69 } 70 71 netmsg_init(&smsg, NULL, &curthread->td_msgport, 72 0, ip_fw_sockopt_dispatch); 73 smsg.lmsg.u.ms_resultp = sopt; 74 return lwkt_domsg(IPFW_CFGPORT, &smsg.lmsg, 0); 75 } 76 77 static void 78 ip_fw_sockopt_dispatch(netmsg_t msg) 79 { 80 struct sockopt *sopt = msg->lmsg.u.ms_resultp; 81 int error; 82 83 KKASSERT(mycpuid == 0); 84 85 if (IPFW_LOADED) 86 error = ip_fw_ctl_ptr(sopt); 87 else 88 error = ENOPROTOOPT; 89 lwkt_replymsg(&msg->lmsg, error); 90 } 91