author | 2016-10-27 21:41:20 +0000 | |
---|---|---|
committer | 2016-10-27 21:41:20 +0000 | |
commit | f74a4c70c2730ebe0138f562824a378c9d164d59 (patch) | |
tree | d9d7f298fb295e4ecea38081133ee01543a210f1 | |
parent | We don't generate an eddep script for kernel builds nowadays. The last (diff) | |
Pass a struct pf_pdesc to pf_route() like it is done in the other
pf functions. That means fewer parameters, more consistency, and
later we can call functions that need a pd from pf_route().
OK sashan@
-rw-r--r-- | sys/net/if_pfsync.c | 41 | ||||
-rw-r--r-- | sys/net/pf.c | 28 | ||||
-rw-r--r-- | sys/net/pfvar.h | 10 |
3 files changed, 42 insertions, 37 deletions
diff --git a/sys/net/if_pfsync.c b/sys/net/if_pfsync.c index 00587f0d04e..e94c0583a5b 100644 --- a/sys/net/if_pfsync.c +++ b/sys/net/if_pfsync.c @@ -1,4 +1,4 @@ -/* $OpenBSD: if_pfsync.c,v 1.235 2016/10/04 13:54:32 mpi Exp $ */ +/* $OpenBSD: if_pfsync.c,v 1.236 2016/10/27 21:41:20 bluhm Exp $ */ /* * Copyright (c) 2002 Michael Shalayeff @@ -59,19 +59,19 @@ #include <net/if_types.h> #include <net/bpf.h> #include <net/netisr.h> + #include <netinet/in.h> #include <netinet/if_ether.h> -#include <netinet/tcp.h> -#include <netinet/tcp_seq.h> -#include <netinet/tcp_fsm.h> - -#include <netinet/in_var.h> #include <netinet/ip.h> +#include <netinet/in_var.h> #include <netinet/ip_var.h> - -#ifdef IPSEC #include <netinet/ip_ipsp.h> -#endif /* IPSEC */ +#include <netinet/ip_icmp.h> +#include <netinet/icmp6.h> +#include <netinet/tcp.h> +#include <netinet/tcp_seq.h> +#include <netinet/tcp_fsm.h> +#include <netinet/udp.h> #ifdef INET6 #include <netinet6/in6_var.h> @@ -87,7 +87,7 @@ #define PF_DEBUGNAME "pfsync: " #include <net/pfvar.h> -#include <netinet/ip_ipsp.h> +#include <net/pfvar_priv.h> #include <net/if_pfsync.h> #include "bpfilter.h" @@ -1732,6 +1732,8 @@ void pfsync_undefer(struct pfsync_deferral *pd, int drop) { struct pfsync_softc *sc = pfsyncif; + struct pf_pdesc pdesc; + union pf_headers pdhdrs; splsoftassert(IPL_SOFTNET); 
@@ -1743,17 +1745,22 @@ pfsync_undefer(struct pfsync_deferral *pd, int drop) m_freem(pd->pd_m); else { if (pd->pd_st->rule.ptr->rt == PF_ROUTETO) { + if (pf_setup_pdesc(&pdesc, &pdhdrs, + pd->pd_st->key[PF_SK_WIRE]->af, + pd->pd_st->direction, pd->pd_st->rt_kif, + pd->pd_m, NULL) != PF_PASS) { + m_freem(pd->pd_m); + goto out; + } switch (pd->pd_st->key[PF_SK_WIRE]->af) { case AF_INET: - pf_route(&pd->pd_m, pd->pd_st->rule.ptr, - pd->pd_st->direction, - pd->pd_st->rt_kif->pfik_ifp, pd->pd_st); + pf_route(&pd->pd_m, &pdesc, + pd->pd_st->rule.ptr, pd->pd_st); break; #ifdef INET6 case AF_INET6: - pf_route6(&pd->pd_m, pd->pd_st->rule.ptr, - pd->pd_st->direction, - pd->pd_st->rt_kif->pfik_ifp, pd->pd_st); + pf_route6(&pd->pd_m, &pdesc, + pd->pd_st->rule.ptr, pd->pd_st); break; #endif /* INET6 */ } @@ -1772,7 +1779,7 @@ pfsync_undefer(struct pfsync_deferral *pd, int drop) } } } - + out: pool_put(&sc->sc_pool, pd); } diff --git a/sys/net/pf.c b/sys/net/pf.c index cd9eeeaa899..01e46d0d0a0 100644 --- a/sys/net/pf.c +++ b/sys/net/pf.c @@ -1,4 +1,4 @@ -/* $OpenBSD: pf.c,v 1.994 2016/10/26 21:07:22 bluhm Exp $ */ +/* $OpenBSD: pf.c,v 1.995 2016/10/27 21:41:20 bluhm Exp $ */ /* * Copyright (c) 2001 Daniel Hartmeier @@ -5782,7 +5782,7 @@ pf_rtlabel_match(struct pf_addr *addr, sa_family_t af, struct pf_addr_wrap *aw, } void -pf_route(struct mbuf **m, struct pf_rule *r, int dir, struct ifnet *oifp, +pf_route(struct mbuf **m, struct pf_pdesc *pd, struct pf_rule *r, struct pf_state *s) { struct mbuf *m0, *m1; @@ -5795,8 +5795,7 @@ pf_route(struct mbuf **m, struct pf_rule *r, int dir, struct ifnet *oifp, int error = 0; unsigned int rtableid; - if (m == NULL || *m == NULL || r == NULL || - (dir != PF_IN && dir != PF_OUT) || oifp == NULL) + if (m == NULL || *m == NULL || r == NULL) panic("pf_route: invalid parameters"); if ((*m)->m_pkthdr.pf.routed++ > 3) { 
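Review bot: In pfsync_undefer(), the new `pf_setup_pdesc()` failure branch frees `pd->pd_m` and jumps to `out:` with no comment explaining that the deferred packet is deliberately discarded when it cannot be re-parsed. A one-line comment such as `/* descriptor setup failed: drop the deferred packet rather than route it unparsed */` would document that the path fails closed. The descriptor is built from `pd->pd_st->rt_kif`, which the old call dereferenced directly as `rt_kif->pfik_ifp`; whether `pf_setup_pdesc()` accepts a NULL kif is not visible here and is worth confirming. The function body starts and ends outside this hunk.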
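Review bot: The shortened sanity check in pf_route() (and the identical one in pf_route6(), hunk at -5961) no longer validates anything that arrives through the new `pd` argument. The old test rejected a `dir` that was neither PF_IN nor PF_OUT and a NULL `oifp`, whereas `pd->dir` and `pd->kif->pfik_ifp` are now read later in both functions unchecked (hunks at -5809, -5874, -5976 and -6022). In pfsync_undefer() the direction comes from `pd->pd_st->direction`, and nothing visible in this diff shows `pf_setup_pdesc()` range-checking it. If the invariant is that the descriptor is always fully set up, keeping it in the guard makes that explicit: `if (m == NULL || *m == NULL || r == NULL || pd == NULL || pd->kif == NULL || (pd->dir != PF_IN && pd->dir != PF_OUT))`. Both function bodies continue outside the hunks.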
@@ -5809,7 +5808,7 @@ pf_route(struct mbuf **m, struct pf_rule *r, int dir, struct ifnet *oifp, if ((m0 = m_dup_pkt(*m, max_linkhdr, M_NOWAIT)) == NULL) return; } else { - if ((r->rt == PF_REPLYTO) == (r->direction == dir)) + if ((r->rt == PF_REPLYTO) == (r->direction == pd->dir)) return; m0 = *m; } @@ -5874,7 +5873,7 @@ pf_route(struct mbuf **m, struct pf_rule *r, int dir, struct ifnet *oifp, goto bad; - if (oifp != ifp) { + if (pd->kif->pfik_ifp != ifp) { if (pf_test(AF_INET, PF_OUT, ifp, &m0) != PF_PASS) goto bad; else if (m0 == NULL) @@ -5949,7 +5948,7 @@ bad: #ifdef INET6 void -pf_route6(struct mbuf **m, struct pf_rule *r, int dir, struct ifnet *oifp, +pf_route6(struct mbuf **m, struct pf_pdesc *pd, struct pf_rule *r, struct pf_state *s) { struct mbuf *m0; @@ -5962,8 +5961,7 @@ pf_route6(struct mbuf **m, struct pf_rule *r, int dir, struct ifnet *oifp, struct m_tag *mtag; unsigned int rtableid; - if (m == NULL || *m == NULL || r == NULL || - (dir != PF_IN && dir != PF_OUT) || oifp == NULL) + if (m == NULL || *m == NULL || r == NULL) panic("pf_route6: invalid parameters"); if ((*m)->m_pkthdr.pf.routed++ > 3) { @@ -5976,7 +5974,7 @@ pf_route6(struct mbuf **m, struct pf_rule *r, int dir, struct ifnet *oifp, if ((m0 = m_dup_pkt(*m, max_linkhdr, M_NOWAIT)) == NULL) return; } else { - if ((r->rt == PF_REPLYTO) == (r->direction == dir)) + if ((r->rt == PF_REPLYTO) == (r->direction == pd->dir)) return; m0 = *m; } @@ -6022,7 +6020,7 @@ pf_route6(struct mbuf **m, struct pf_rule *r, int dir, struct ifnet *oifp, if (ifp == NULL) goto bad; - if (oifp != ifp) { + if (pd->kif->pfik_ifp != ifp) { if (pf_test(AF_INET6, PF_OUT, ifp, &m0) != PF_PASS) goto bad; else if (m0 == NULL) @@ -6923,9 +6921,9 @@ done: break; } if (pd.naf == AF_INET) - pf_route(&pd.m, r, dir, kif->pfik_ifp, s); + pf_route(&pd.m, &pd, r, s); if (pd.naf == AF_INET6) - pf_route6(&pd.m, r, dir, kif->pfik_ifp, s); + pf_route6(&pd.m, &pd, r, s); *m0 = NULL; action = PF_PASS; break; 
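Review bot: In the hunk at -6923, `pf_route(&pd.m, &pd, r, s)` and `pf_route6(&pd.m, &pd, r, s)` replace the locals `dir` and `kif` with `pd.dir` and `pd.kif`, which is only behaviour-preserving if nothing between descriptor setup and this call changes those fields. The address-family translation step that precedes these calls is outside the hunk, so that cannot be confirmed from here. A short comment such as `/* pd.dir and pd.kif are unchanged since pf_setup_pdesc(), same as dir/kif */` would record the assumption. The callee also receives the same mbuf pointer twice, as `m` and through `pd`, so any write to `*m` inside pf_route() presumably changes `pd.m` as well; that aliasing deserves a note at the call site.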
@@ -6939,11 +6937,11 @@ done: if (r->rt) { switch (pd.af) { case AF_INET: - pf_route(m0, r, pd.dir, pd.kif->pfik_ifp, s); + pf_route(m0, &pd, r, s); break; #ifdef INET6 case AF_INET6: - pf_route6(m0, r, pd.dir, pd.kif->pfik_ifp, s); + pf_route6(m0, &pd, r, s); break; #endif /* INET6 */ } diff --git a/sys/net/pfvar.h b/sys/net/pfvar.h index 872016f4584..dbb26a9437f 100644 --- a/sys/net/pfvar.h +++ b/sys/net/pfvar.h @@ -1,4 +1,4 @@ -/* $OpenBSD: pfvar.h,v 1.442 2016/10/26 21:07:22 bluhm Exp $ */ +/* $OpenBSD: pfvar.h,v 1.443 2016/10/27 21:41:20 bluhm Exp $ */ /* * Copyright (c) 2001 Daniel Hartmeier @@ -1710,10 +1710,10 @@ int pf_state_key_attach(struct pf_state_key *, struct pf_state *, int); int pf_translate(struct pf_pdesc *, struct pf_addr *, u_int16_t, struct pf_addr *, u_int16_t, u_int16_t, int); int pf_translate_af(struct pf_pdesc *); -void pf_route(struct mbuf **, struct pf_rule *, int, - struct ifnet *, struct pf_state *); -void pf_route6(struct mbuf **, struct pf_rule *, int, - struct ifnet *, struct pf_state *); +void pf_route(struct mbuf **, struct pf_pdesc *, struct pf_rule *, + struct pf_state *); +void pf_route6(struct mbuf **, struct pf_pdesc *, struct pf_rule *, + struct pf_state *); void pfr_initialize(void); int pfr_match_addr(struct pfr_ktable *, struct pf_addr *, sa_family_t); |