xnu-517.9.5.tar.gz

[apple/xnu.git] / bsd / netinet / raw_ip.c

diff --git a/bsd/netinet/raw_ip.c b/bsd/netinet/raw_ip.c
index cf4f38aa6680ea9b734a868cf7988a8007b55e4e..60f2ce01bc2d8743689ad7b8c8c8a3985290769a 100644 (file)
--- a/bsd/netinet/raw_ip.c
+++ b/bsd/netinet/raw_ip.c
@@ -297,6 +297,23 @@ rip_output(m, so, dst)
                          inp->inp_moptions));
 }
 
+int
+load_ipfw()
+{
+       kern_return_t   err;
+       
+       /* Load the kext by the identifier */
+       err = kmod_load_extension("com.apple.nke.IPFirewall");
+       if (err) return err;
+       
+       if (ip_fw_ctl_ptr == NULL) {
+               /* Wait for the kext to finish loading */
+               err = tsleep(&ip_fw_ctl_ptr, PWAIT | PCATCH, "load_ipfw_kext", 5 * 60 /* 5 seconds */);
+       }
+       
+       return err == 0 && ip_fw_ctl_ptr == NULL ? -1 : err;
+}
+
 /*
  * Raw IP socket option processing.
  */
@@ -331,9 +348,11 @@ rip_ctloutput(so, sopt)
                case IP_OLD_FW_ADD:
                case IP_OLD_FW_GET:
                        if (ip_fw_ctl_ptr == 0)
-                               error = ENOPROTOOPT;
-                       else
+                               error = load_ipfw();
+                       if (ip_fw_ctl_ptr && error == 0)
                                error = ip_fw_ctl_ptr(sopt);
+                       else
+                               error = ENOPROTOOPT;
                        break;
 
 #if DUMMYNET
@@ -398,9 +417,11 @@ rip_ctloutput(so, sopt)
                case IP_OLD_FW_ZERO:
                case IP_OLD_FW_RESETLOG:
                        if (ip_fw_ctl_ptr == 0)
-                               error = ENOPROTOOPT;
-                       else
+                               error = load_ipfw();
+                       if (ip_fw_ctl_ptr && error == 0)
                                error = ip_fw_ctl_ptr(sopt);
+                       else
+                               error = ENOPROTOOPT;
                        break;
 
 #if DUMMYNET