authorclaudio <claudio@openbsd.org>2009-11-03 10:59:04 +0000
committerclaudio <claudio@openbsd.org>2009-11-03 10:59:04 +0000
commit7d3e2ec58b6d4be05995eca25f2bb0f69aabb677 (patch)
tree4f9f5ad68c6b02e17c9c68c946ecdcff5d429b90 /sys/netinet/tcp_input.c
parentDon't need regex.h and remove two declarations that are now in smtpd.h. (diff)
rtables are stacked on rdomains (it is possible to have multiple routing
tables on top of a rdomain) but until now our code was a crazy mix so that it was impossible to correctly use rtables in that case. Additionally pf(4) only knows about rtables and not about rdomains. This is especially bad when tracking (possibly conflicting) states in various domains. This diff fixes all or most of these issues. It adds a lookup function to get the rdomain id based on a rtable id. Makes pf understand rdomains and allows pf to move packets between rdomains (it is similar to NAT). Because pf states now track the rdomain id as well it is necessary to modify the pfsync wire format. So old and new systems will not sync up. A lot of help by dlg@, tested by sthen@, jsg@ and probably more OK dlg@, mpf@, deraadt@
Diffstat (limited to 'sys/netinet/tcp_input.c')
-rw-r--r--sys/netinet/tcp_input.c12
1 files changed, 6 insertions, 6 deletions
diff --git a/sys/netinet/tcp_input.c b/sys/netinet/tcp_input.c
index b4099c3606c..dea6cdf2923 100644
--- a/sys/netinet/tcp_input.c
+++ b/sys/netinet/tcp_input.c
@@ -1,4 +1,4 @@
-/* $OpenBSD: tcp_input.c,v 1.228 2009/08/20 13:25:42 bluhm Exp $ */
+/* $OpenBSD: tcp_input.c,v 1.229 2009/11/03 10:59:04 claudio Exp $ */
/* $NetBSD: tcp_input.c,v 1.23 1996/02/13 23:43:44 christos Exp $ */
/*
@@ -3579,7 +3579,7 @@ syn_cache_lookup(struct sockaddr *src, struct sockaddr *dst,
continue;
if (!bcmp(&sc->sc_src, src, src->sa_len) &&
!bcmp(&sc->sc_dst, dst, dst->sa_len) &&
- rdomain == sc->sc_rdomain) {
+ rtable_l2(rdomain) == rtable_l2(sc->sc_rdomain)) {
splx(s);
return (sc);
}
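Review bot: `rtable_l2(rdomain)` on the added line is loop-invariant, yet it is re-evaluated for every candidate entry while the interrupt level is still raised (see the `splx(s)` just below). Normalising it once before the walk, e.g. `rdomain = rtable_l2(rdomain);`, would leave only `rdomain == rtable_l2(sc->sc_rdomain)` in the condition. A short comment such as `/* sc_rdomain stores a rtable id; match on the routing domain it belongs to */` would also help, because the field name suggests a domain id while the comparison treats it as a table id that must be mapped first. The loop header and the start of syn_cache_lookup are outside the hunk, so the exact placement needs checking against the full function.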
@@ -3625,7 +3625,7 @@ syn_cache_get(struct sockaddr *src, struct sockaddr *dst, struct tcphdr *th,
s = splsoftnet();
if ((sc = syn_cache_lookup(src, dst, &scp,
- m->m_pkthdr.rdomain)) == NULL) {
+ sotoinpcb(so)->inp_rdomain)) == NULL) {
splx(s);
return (NULL);
}
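Review bot: The SYN cache key switches here from the packet's `m->m_pkthdr.rdomain` to the listening socket's `sotoinpcb(so)->inp_rdomain`, and nothing at the call site records why. The same expression recurs in syn_cache_add, at the duplicate-SYN lookup and at the `sc->sc_rdomain` assignment. The key is what keeps half-open connections in different routing domains with overlapping addresses apart, so a comment such as `/* key on the socket's table, not the mbuf's: pf may move packets between rdomains */` would be worth adding (the reason is presumed from the commit message). In syn_cache_add, reading the value once into a local and using it for both the lookup and the store would stop the two sites from diverging in a later edit. Both function bodies extend beyond the hunks shown.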
@@ -4001,8 +4001,8 @@ syn_cache_add(struct sockaddr *src, struct sockaddr *dst, struct tcphdr *th,
* If we do, resend the SYN,ACK. We do not count this
* as a retransmission (XXX though maybe we should).
*/
- if ((sc = syn_cache_lookup(src, dst, &scp, m->m_pkthdr.rdomain)) !=
- NULL) {
+ if ((sc = syn_cache_lookup(src, dst, &scp, sotoinpcb(so)->inp_rdomain))
+ != NULL) {
tcpstat.tcps_sc_dupesyn++;
if (ipopts) {
/*
@@ -4036,7 +4036,7 @@ syn_cache_add(struct sockaddr *src, struct sockaddr *dst, struct tcphdr *th,
bzero(&sc->sc_timer, sizeof(sc->sc_timer));
bcopy(src, &sc->sc_src, src->sa_len);
bcopy(dst, &sc->sc_dst, dst->sa_len);
- sc->sc_rdomain = m->m_pkthdr.rdomain;
+ sc->sc_rdomain = sotoinpcb(so)->inp_rdomain;
sc->sc_flags = 0;
sc->sc_ipopts = ipopts;
sc->sc_irs = th->th_seq;