author | 2011-09-18 10:40:54 +0000 | |
---|---|---|
committer | 2011-09-18 10:40:54 +0000 | |
commit | fb9fe53b92080261450b9b807e770bc5ac929b23 (patch) | |
tree | 31b4412c2d9f3a6d1e99ae6c7074bae406a894c9 | |
parent | sync to mandoc 1.11.5: (diff) | |
Move the call to pf_test_rule() for fragments that have not been
reassembled by normalization from pf_setup_pdesc() to pf_test().
This simplifies the parameter list of pf_setup_pdesc() as it can
concentrate on its job filling the pf_pdesc struct.
ok henning mpf
-rw-r--r-- | sys/net/if_pflog.c | 5 | ||||
-rw-r--r-- | sys/net/pf.c | 37 | ||||
-rw-r--r-- | sys/net/pfvar.h | 7 |
3 files changed, 21 insertions, 28 deletions
diff --git a/sys/net/if_pflog.c b/sys/net/if_pflog.c
index 7ff27989fd5..4927b116b44 100644
--- a/sys/net/if_pflog.c
+++ b/sys/net/if_pflog.c
@@ -1,4 +1,4 @@
-/* $OpenBSD: if_pflog.c,v 1.38 2011/07/07 00:47:18 mcbride Exp $ */
+/* $OpenBSD: if_pflog.c,v 1.39 2011/09/18 10:40:54 bluhm Exp $ */
 /*
 * The authors of this code are John Ioannidis (ji@tla.org),
 * Angelos D. Keromytis (kermit@csd.uch.gr) and
@@ -273,7 +273,6 @@ pflog_bpfcopy(const void *src_arg, void *dst_arg, size_t len)
 {
 const struct mbuf *m;
 struct pfloghdr *pfloghdr;
- struct pf_state *s = NULL;
 u_int count;
 u_char *dst;
 u_short action, reason;
@@ -338,7 +337,7 @@ pflog_bpfcopy(const void *src_arg, void *dst_arg, size_t len)
 memset(&pd, 0, sizeof(pd));
 pd.hdr.any = &pf_hdrs;
 if (pf_setup_pdesc(pfloghdr->af, pfloghdr->dir, &pd, &mfake, &action,
- &reason, NULL, NULL, NULL, &s, NULL, &off, &hdrlen) == -1)
+ &reason, &off, &hdrlen) == -1)
 return;
 PF_ACPY(&osaddr, pd.src, pd.af);
diff --git a/sys/net/pf.c b/sys/net/pf.c
index bd2dc0ec8b5..e74ab70fb31 100644
--- a/sys/net/pf.c
+++ b/sys/net/pf.c
@@ -1,4 +1,4 @@
-/* $OpenBSD: pf.c,v 1.774 2011/09/17 16:01:55 bluhm Exp $ */
+/* $OpenBSD: pf.c,v 1.775 2011/09/18 10:40:55 bluhm Exp $ */
 /*
 * Copyright (c) 2001 Daniel Hartmeier
@@ -5588,9 +5588,7 @@ pf_walk_header6(struct mbuf *m, struct ip6_hdr *h, int *off, int *extoff,
 int
 pf_setup_pdesc(sa_family_t af, int dir, struct pf_pdesc *pd, struct mbuf **m0,
- u_short *action, u_short *reason, struct pfi_kif *kif, struct pf_rule **a,
- struct pf_rule **r, struct pf_state **s, struct pf_ruleset **ruleset,
- int *off, int *hdrlen)
+ u_short *action, u_short *reason, int *off, int *hdrlen)
 {
 struct mbuf *m = *m0;
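Review bot: In the `pflog_bpfcopy` hunk at `-338,7`, the early `return;` no longer covers unreassembled fragments: the `PF_VPROTO_FRAGMENT` case that this commit removes from `pf_setup_pdesc()` (pf.c hunk at `-5749,19`) was what set `*action = PF_DROP` and returned -1 for the pflog caller. Unless another path in `pf_setup_pdesc()` still returns -1 for such packets, they presumably now continue to the `PF_ACPY(&osaddr, pd.src, pd.af)` code below, whose remainder is outside the hunk. If that code reads transport-header fields through `pd`, keep the old behaviour explicitly with `if (pd.virtual_proto == PF_VPROTO_FRAGMENT) return;` after the call, or add a comment stating why fragments are safe to process there.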
@@ -5749,19 +5747,6 @@ pf_setup_pdesc(sa_family_t af, int dir, struct pf_pdesc *pd, struct mbuf **m0,
 PF_ACPY(&pd->ndaddr, pd->dst, pd->af);
 switch (pd->virtual_proto) {
- case PF_VPROTO_FRAGMENT:
- /*
- * handle fragments that aren't reassembled by
- * normalization
- */
- if (kif == NULL || r == NULL) /* pflog */
- *action = PF_DROP;
- else
- *action = pf_test_rule(r, s, dir, kif,
- m, *off, pd, a, ruleset, *hdrlen);
- if (*action != PF_PASS)
- REASON_SET(reason, PFRES_FRAG);
- return (-1);
 case IPPROTO_TCP: {
 struct tcphdr *th = pd->hdr.tcp;
@@ -5935,8 +5920,8 @@ pf_test(sa_family_t af, int fwdir, struct ifnet *ifp, struct mbuf **m0,
 return (PF_PASS);
 }
- if (pf_setup_pdesc(af, dir, &pd, m0, &action, &reason, kif, &a, &r, &s,
- &ruleset, &off, &hdrlen) == -1) {
+ if (pf_setup_pdesc(af, dir, &pd, m0, &action, &reason, &off, &hdrlen)
+ == -1) {
 if (action == PF_PASS)
 return (PF_PASS);
 m = *m0;
@@ -5946,7 +5931,19 @@ pf_test(sa_family_t af, int fwdir, struct ifnet *ifp, struct mbuf **m0,
 pd.eh = eh;
 m = *m0; /* pf_setup_pdesc -> pf_normalize messes with m0 */
- switch (pd.proto) {
+ switch (pd.virtual_proto) {
+
+ case PF_VPROTO_FRAGMENT: {
+ /*
+ * handle fragments that aren't reassembled by
+ * normalization
+ */
+ action = pf_test_rule(&r, &s, dir, kif,
+ m, off, &pd, &a, &ruleset, hdrlen);
+ if (action != PF_PASS)
+ REASON_SET(&reason, PFRES_FRAG);
+ break;
+ }
 case IPPROTO_TCP: {
 if ((pd.hdr.tcp->th_flags & TH_ACK) && pd.p_len == 0)
diff --git a/sys/net/pfvar.h b/sys/net/pfvar.h
index e76dc304e5d..4ed8543b0fe 100644
--- a/sys/net/pfvar.h
+++ b/sys/net/pfvar.h
@@ -1,4 +1,4 @@
-/* $OpenBSD: pfvar.h,v 1.345 2011/09/17 16:01:55 bluhm Exp $ */
+/* $OpenBSD: pfvar.h,v 1.346 2011/09/18 10:40:55 bluhm Exp $ */
 /*
 * Copyright (c) 2001 Daniel Hartmeier
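Review bot: In the `pf_test` hunk at `-5946,7`, changing the selector from `pd.proto` to `pd.virtual_proto` affects every case label of this switch, and all but `PF_VPROTO_FRAGMENT` and the opening of `IPPROTO_TCP` lie outside the hunk, so the relation between the two fields deserves a comment above the switch, for example `/* virtual_proto differs from proto only for PF_VPROTO_* pseudo protocols */`, once that is confirmed against pf_setup_pdesc(). A fragment that passed used to leave pf_test() through `if (action == PF_PASS) return (PF_PASS);` after pf_setup_pdesc() returned -1; with `break` it now runs the code after the switch with `s`, `a`, `r` and `ruleset` as left by pf_test_rule(), which is worth checking for any assumption that a transport header was parsed. The braces on `case PF_VPROTO_FRAGMENT: {` enclose no declarations and could be dropped.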
@@ -1771,10 +1771,7 @@ void pf_purge_rule(struct pf_ruleset *, struct pf_divert *pf_find_divert(struct mbuf *); int pf_setup_pdesc(sa_family_t, int, struct pf_pdesc *, struct mbuf **, - u_short *, u_short *, struct pfi_kif *, - struct pf_rule **, struct pf_rule **, - struct pf_state **, struct pf_ruleset **, - int *, int *); + u_short *, u_short *, int *, int *); int pf_test(sa_family_t, int, struct ifnet *, struct mbuf **, struct ether_header *); |