diff options
| author |   oga <oga@openbsd.org> | 2011-05-13 14:31:16 +0000 |
|---|---|---|
| committer | oga <oga@openbsd.org> | 2011-05-13 14:31:16 +0000 |
| commit | dda46e081c914a53cca99225de98dcc0d41f936f (patch) | |
| tree | 9f9378fa5ad43027f94b90608eae22f35d13b6c1 /sys/netinet/raw_ip.c | |
| parent | replace handrolled NELEM() with nitems() (diff) | |
| download | wireguard-openbsd-dda46e081c914a53cca99225de98dcc0d41f936f.tar.xz wireguard-openbsd-dda46e081c914a53cca99225de98dcc0d41f936f.zip | |
Revert the pf->socket linking diff.
at least krw@, pirofti@ and todd@ have been seeing panics (todd and krw
with xxxterm not sure about pirofti) involving pool corruption while
using this commit.
krw and todd confirm that this backout fixes the problem.
ok blambert@ krw@, todd@ henning@ and kettenis@
Double link between pf states and sockets. Henning has
already implemented half of it. The additional part is: -
The pf state lookup for outgoing packets is optimized by
using mbuf->inp->state.
- For incomming tcp, udp, raw, raw6 packets the socket
lookup always is optimized by using mbuf->state->inp.
- All protocols establish the link for incomming packets.
- All protocols set the inp in the mbuf for outgoing packets.
This allows the linkage beginning with the first packet
for outgoing connections.
- In case of divert states, delete the state when the socket
closes. Otherwise new connections could match on old
states instead of being diverted to the listen socket.
ok henning@
Diffstat (limited to 'sys/netinet/raw_ip.c')
| -rw-r--r-- | sys/netinet/raw_ip.c | 17 |
1 files changed, 1 insertions, 16 deletions
diff --git a/sys/netinet/raw_ip.c b/sys/netinet/raw_ip.c index efac6a6d96c..9e2797aac3e 100644 --- a/sys/netinet/raw_ip.c +++ b/sys/netinet/raw_ip.c @@ -1,4 +1,4 @@ -/* $OpenBSD: raw_ip.c,v 1.57 2011/04/28 09:56:27 claudio Exp $ */ +/* $OpenBSD: raw_ip.c,v 1.58 2011/05/13 14:31:16 oga Exp $ */ /* $NetBSD: raw_ip.c,v 1.25 1996/02/18 18:58:33 christos Exp $ */ /* @@ -157,16 +157,6 @@ rip_input(struct mbuf *m, ...) if (inp->inp_faddr.s_addr && inp->inp_faddr.s_addr != ip->ip_src.s_addr) continue; -#if NPF > 0 - if (m->m_pkthdr.pf.statekey && !inp->inp_pf_sk && - !((struct pf_state_key *)m->m_pkthdr.pf.statekey)->inp && - (inp->inp_socket->so_state & SS_ISCONNECTED) && - ip->ip_p != IPPROTO_ICMP) { - ((struct pf_state_key *)m->m_pkthdr.pf.statekey)->inp = - inp; - inp->inp_pf_sk = m->m_pkthdr.pf.statekey; - } -#endif if (last) { struct mbuf *n; @@ -287,11 +277,6 @@ rip_output(struct mbuf *m, ...) /* force routing domain */ m->m_pkthdr.rdomain = inp->inp_rtableid; -#if NPF > 0 - if (inp->inp_socket->so_state & SS_ISCONNECTED && - ip->ip_p != IPPROTO_ICMP) - m->m_pkthdr.pf.inp = inp; -#endif error = ip_output(m, inp->inp_options, &inp->inp_route, flags, inp->inp_moptions, inp); if (error == EACCES) /* translate pf(4) error for userland */ |