Diffstat (limited to 'sys')
-rw-r--r--sys/net/pf.c19
-rw-r--r--sys/net/pf_ioctl.c5
-rw-r--r--sys/net/pfvar.h6
-rw-r--r--sys/netinet/raw_ip.c4
-rw-r--r--sys/netinet6/raw_ip6.c4
5 files changed, 21 insertions, 17 deletions
diff --git a/sys/net/pf.c b/sys/net/pf.c
index ebedf217cce..01e60badeaa 100644
--- a/sys/net/pf.c
+++ b/sys/net/pf.c
@@ -1,4 +1,4 @@
-/* $OpenBSD: pf.c,v 1.1047 2017/11/22 12:28:49 bluhm Exp $ */
+/* $OpenBSD: pf.c,v 1.1048 2017/11/28 16:05:46 bluhm Exp $ */
/*
* Copyright (c) 2001 Daniel Hartmeier
@@ -1380,7 +1380,8 @@ pf_remove_divert_state(struct pf_state_key *sk)
TAILQ_FOREACH(si, &sk->states, entry) {
if (sk == si->s->key[PF_SK_STACK] && si->s->rule.ptr &&
- si->s->rule.ptr->divert.port) {
+ (si->s->rule.ptr->divert.type == PF_DIVERT_TO ||
+ si->s->rule.ptr->divert.type == PF_DIVERT_REPLY)) {
pf_remove_state(si->s);
break;
}
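Review bot: The two-value test `divert.type == PF_DIVERT_TO || divert.type == PF_DIVERT_REPLY` is written out here and again in the `done:` hunk below, so the two sites can drift apart if another socket-style divert type is ever added. A small helper next to the enum in pfvar.h, for example `#define PF_DIVERT_IS_SOCKET(t) ((t) == PF_DIVERT_TO || (t) == PF_DIVERT_REPLY)` (the name is only a suggestion), would keep them in step. pf_remove_divert_state starts and ends outside this hunk.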
@@ -6981,18 +6982,21 @@ done:
if (pd.destchg && pd.dir == PF_OUT)
pd.m->m_pkthdr.pf.flags |= PF_TAG_REROUTE;
- if (pd.dir == PF_IN && action == PF_PASS && r->divert.port) {
+ if (pd.dir == PF_IN && action == PF_PASS &&
+ (r->divert.type == PF_DIVERT_TO ||
+ r->divert.type == PF_DIVERT_REPLY)) {
struct pf_divert *divert;
if ((divert = pf_get_divert(pd.m))) {
pd.m->m_pkthdr.pf.flags |= PF_TAG_DIVERTED;
+ divert->addr = r->divert.addr;
divert->port = r->divert.port;
divert->rdomain = pd.rdomain;
- divert->addr = r->divert.addr;
+ divert->type = r->divert.type;
}
}
- if (action == PF_PASS && r->divert_packet.port)
+ if (action == PF_PASS && r->divert.type == PF_DIVERT_PACKET)
action = PF_DIVERT;
#if NPFLOG > 0
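Review bot: The old conditions `r->divert.port` and `r->divert_packet.port` also guaranteed a non-zero port, and the new `r->divert.type` tests drop that guarantee. A rule with type PF_DIVERT_PACKET and port 0 now sets `action = PF_DIVERT` and, in the next hunk, reaches `divert_packet(pd.m, pd.dir, r->divert.port)` and `divert6_packet(...)` with port 0; how those functions treat port 0 is not visible here. pf_rule_copyin in pf_ioctl.c copies `divert.type` and `divert.port` unchanged (presumably from the rule supplied through the ioctl), so a check there would restore the invariant, e.g. `if (to->divert.type == PF_DIVERT_PACKET && to->divert.port == 0) return (EINVAL);`, assuming that function can fail the request. Values outside enum pf_divert_types could be rejected at the same place; the enclosing function here starts and ends outside the hunk.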
@@ -7023,13 +7027,12 @@ done:
case PF_DIVERT:
switch (pd.af) {
case AF_INET:
- if (!divert_packet(pd.m, pd.dir, r->divert_packet.port))
+ if (!divert_packet(pd.m, pd.dir, r->divert.port))
pd.m = NULL;
break;
#ifdef INET6
case AF_INET6:
- if (!divert6_packet(pd.m, pd.dir,
- r->divert_packet.port))
+ if (!divert6_packet(pd.m, pd.dir, r->divert.port))
pd.m = NULL;
break;
#endif /* INET6 */
diff --git a/sys/net/pf_ioctl.c b/sys/net/pf_ioctl.c
index e392d5364e7..ece193752a8 100644
--- a/sys/net/pf_ioctl.c
+++ b/sys/net/pf_ioctl.c
@@ -1,4 +1,4 @@
-/* $OpenBSD: pf_ioctl.c,v 1.325 2017/11/13 11:30:11 henning Exp $ */
+/* $OpenBSD: pf_ioctl.c,v 1.326 2017/11/28 16:05:46 bluhm Exp $ */
/*
* Copyright (c) 2001 Daniel Hartmeier
@@ -2796,8 +2796,7 @@ pf_rule_copyin(struct pf_rule *from, struct pf_rule *to,
to->flush = from->flush;
to->divert.addr = from->divert.addr;
to->divert.port = from->divert.port;
- to->divert_packet.addr = from->divert_packet.addr;
- to->divert_packet.port = from->divert_packet.port;
+ to->divert.type = from->divert.type;
to->prio = from->prio;
to->set_prio[0] = from->set_prio[0];
to->set_prio[1] = from->set_prio[1];
diff --git a/sys/net/pfvar.h b/sys/net/pfvar.h
index ae849b4d594..27dcefbe47b 100644
--- a/sys/net/pfvar.h
+++ b/sys/net/pfvar.h
@@ -1,4 +1,4 @@
-/* $OpenBSD: pfvar.h,v 1.468 2017/11/27 23:21:50 bluhm Exp $ */
+/* $OpenBSD: pfvar.h,v 1.469 2017/11/28 16:05:46 bluhm Exp $ */
/*
* Copyright (c) 2001 Daniel Hartmeier
@@ -590,7 +590,8 @@ struct pf_rule {
struct {
struct pf_addr addr;
u_int16_t port;
- } divert, divert_packet;
+ u_int8_t type;
+ } divert;
SLIST_ENTRY(pf_rule) gcle;
struct pf_ruleset *ruleset;
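Review bot: The new `type` member carries no comment saying which values it holds, and the same is true of the `type` added to struct pf_divert in the next hunk. I would annotate both as `u_int8_t type; /* enum pf_divert_types */`. Folding `divert_packet` into `divert` also changes the layout of struct pf_rule, so anything built against the old pfvar.h that hands this struct to the kernel has to be rebuilt together with it; the diffstat shown is limited to sys, so the userland side is not visible here.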
@@ -1394,6 +1395,7 @@ struct pf_divert {
struct pf_addr addr;
u_int16_t port;
u_int16_t rdomain;
+ u_int8_t type;
};
enum pf_divert_types {
diff --git a/sys/netinet/raw_ip.c b/sys/netinet/raw_ip.c
index d969c5ee66c..85986a64900 100644
--- a/sys/netinet/raw_ip.c
+++ b/sys/netinet/raw_ip.c
@@ -1,4 +1,4 @@
-/* $OpenBSD: raw_ip.c,v 1.106 2017/11/20 10:35:24 mpi Exp $ */
+/* $OpenBSD: raw_ip.c,v 1.107 2017/11/28 16:05:46 bluhm Exp $ */
/* $NetBSD: raw_ip.c,v 1.25 1996/02/18 18:58:33 christos Exp $ */
/*
@@ -149,7 +149,7 @@ rip_input(struct mbuf **mp, int *offp, int proto, int af)
/* XXX rdomain support */
if ((divert = pf_find_divert(m)) == NULL)
continue;
- if (!divert->addr.v4.s_addr)
+ if (divert->type == PF_DIVERT_REPLY)
goto divert_reply;
if (inp->inp_laddr.s_addr != divert->addr.v4.s_addr)
continue;
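Review bot: The address comparison after the new check runs for every tag whose type is not PF_DIVERT_REPLY, so it relies on pf.c only ever attaching tags of type PF_DIVERT_TO or PF_DIVERT_REPLY. That holds for the pf.c hunk in this commit, but making it explicit with `if (divert->type != PF_DIVERT_TO) continue;` after the `goto divert_reply;` line would keep an unset or future type from being matched as divert-to. The same applies to the rip6_input hunk in raw_ip6.c. Both functions start and end outside their hunks.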
diff --git a/sys/netinet6/raw_ip6.c b/sys/netinet6/raw_ip6.c
index 0c0bd3b6cd9..17987db85ad 100644
--- a/sys/netinet6/raw_ip6.c
+++ b/sys/netinet6/raw_ip6.c
@@ -1,4 +1,4 @@
-/* $OpenBSD: raw_ip6.c,v 1.123 2017/11/20 10:35:24 mpi Exp $ */
+/* $OpenBSD: raw_ip6.c,v 1.124 2017/11/28 16:05:46 bluhm Exp $ */
/* $KAME: raw_ip6.c,v 1.69 2001/03/04 15:55:44 itojun Exp $ */
/*
@@ -152,7 +152,7 @@ rip6_input(struct mbuf **mp, int *offp, int proto, int af)
/* XXX rdomain support */
if ((divert = pf_find_divert(m)) == NULL)
continue;
- if (IN6_IS_ADDR_UNSPECIFIED(&divert->addr.v6))
+ if (divert->type == PF_DIVERT_REPLY)
goto divert_reply;
if (!IN6_ARE_ADDR_EQUAL(&in6p->inp_laddr6,
&divert->addr.v6))