diff options
| author |   bluhm <bluhm@openbsd.org> | 2011-04-24 19:36:54 +0000 |
|---|---|---|
| committer | bluhm <bluhm@openbsd.org> | 2011-04-24 19:36:54 +0000 |
| commit | 806fbec1d553e93c38dd90d3d16e0d84e730756a (patch) | |
| tree | 1bfed0d9f934e624cafab1652a1ebe63e84ffa00 /sys/netinet/udp_usrreq.c | |
| parent | Prevent line breaks right before numbers. Groff does the same. (diff) | |
| download | wireguard-openbsd-806fbec1d553e93c38dd90d3d16e0d84e730756a.tar.xz wireguard-openbsd-806fbec1d553e93c38dd90d3d16e0d84e730756a.zip | |
Double link between pf states and sockets. Henning has already
implemented half of it. The additional part is:
- The pf state lookup for outgoing packets is optimized by using
mbuf->inp->state.
- For incomming tcp, udp, raw, raw6 packets the socket lookup always
is optimized by using mbuf->state->inp.
- All protocols establish the link for incomming packets.
- All protocols set the inp in the mbuf for outgoing packets.
This allows the linkage beginning with the first packet for
outgoing connections.
- In case of divert states, delete the state when the socket closes.
Otherwise new connections could match on old states instead of
being diverted to the listen socket.
ok henning@
Diffstat (limited to 'sys/netinet/udp_usrreq.c')
| -rw-r--r-- | sys/netinet/udp_usrreq.c | 17 |
1 files changed, 15 insertions, 2 deletions
diff --git a/sys/netinet/udp_usrreq.c b/sys/netinet/udp_usrreq.c index 08a7d13317b..42daf24c458 100644 --- a/sys/netinet/udp_usrreq.c +++ b/sys/netinet/udp_usrreq.c @@ -1,4 +1,4 @@ -/* $OpenBSD: udp_usrreq.c,v 1.140 2011/04/05 18:01:21 henning Exp $ */ +/* $OpenBSD: udp_usrreq.c,v 1.141 2011/04/24 19:36:54 bluhm Exp $ */ /* $NetBSD: udp_usrreq.c,v 1.28 1996/03/16 23:54:03 christos Exp $ */ /* @@ -560,7 +560,7 @@ udp_input(struct mbuf *m, ...) /* * Locate pcb for datagram. */ -#if 0 +#if NPF > 0 if (m->m_pkthdr.pf.statekey) inp = ((struct pf_state_key *)m->m_pkthdr.pf.statekey)->inp; #endif @@ -618,6 +618,15 @@ udp_input(struct mbuf *m, ...) } } +#if NPF > 0 + if (m->m_pkthdr.pf.statekey && !inp->inp_pf_sk && + !((struct pf_state_key *)m->m_pkthdr.pf.statekey)->inp && + (inp->inp_socket->so_state & SS_ISCONNECTED)) { + ((struct pf_state_key *)m->m_pkthdr.pf.statekey)->inp = inp; + inp->inp_pf_sk = m->m_pkthdr.pf.statekey; + } +#endif + #ifdef IPSEC mtag = m_tag_find(m, PACKET_TAG_IPSEC_IN_DONE, NULL); s = splnet(); @@ -1032,6 +1041,10 @@ udp_output(struct mbuf *m, ...) /* force routing domain */ m->m_pkthdr.rdomain = inp->inp_rtableid; +#if NPF > 0 + if (inp->inp_socket->so_state & SS_ISCONNECTED) + m->m_pkthdr.pf.inp = inp; +#endif error = ip_output(m, inp->inp_options, &inp->inp_route, inp->inp_socket->so_options & (SO_DONTROUTE | SO_BROADCAST | SO_JUMBO), |