(no subject)
Matthieu Michaud
matthieu at epita.info
Wed Jul 25 13:37:00 UTC 2007
dear pf hackers,
i have a simple question about pf's behavior. there is something i
don't understand in this piece of code:
http://fxr.watson.org/fxr/source/contrib/pf/net/pf.c#L2971
    inp = in_pcblookup_hash(pi, saddr->v4, sport, daddr->v4,
        dport, 0, NULL);
    if (inp == NULL) {
        inp = in_pcblookup_hash(pi, saddr->v4, sport,
            daddr->v4, dport, INPLOOKUP_WILDCARD, NULL);
        if (inp == NULL) {
            INP_INFO_RUNLOCK(pi);
            return (-1);
        }
    }
there are 2 pcb lookups which differ only by their sixth argument. as
far as i understand, this is because pf would prefer a result on a
non-wildcard socket over a wildcard one. but, if i'm still correct, a
single in_pcblookup_hash call already does that:
http://fxr.watson.org/fxr/source/netinet/in_pcb.c#L1010
    /*
     * First look for an exact match.
     */
    head = &pcbinfo->ipi_hashbase[INP_PCBHASH(faddr.s_addr, lport, fport,
        pcbinfo->ipi_hashmask)];
    LIST_FOREACH(inp, head, inp_hash) {
#ifdef INET6
        if ((inp->inp_vflag & INP_IPV4) == 0)
            continue;
#endif
        if (inp->inp_faddr.s_addr == faddr.s_addr &&
            inp->inp_laddr.s_addr == laddr.s_addr &&
            inp->inp_fport == fport &&
            inp->inp_lport == lport)
            return (inp);
    }

    /*
     * Then look for a wildcard match, if requested.
     */
    if (wildcard) {
so why have two calls?
sorry for the noise if i'm wrong and misunderstanding this piece of
code. in any case, thanks in advance for your answer.
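
Added example, not part of the original message and not FreeBSD code: a simplified user-space model of the two lookup patterns discussed above, run over a constructed table. The names pcb_lookup, two_calls, LOOKUP_WILDCARD and ADDR_ANY are hypothetical stand-ins, and the wildcard pass, which the excerpt cuts off, is modelled as an assumption (unconnected sockets on the local port, a bound local address preferred over an unbound one).

```c
#include <stddef.h>
#include <stdint.h>
#define LOOKUP_WILDCARD 1 /* stands in for INPLOOKUP_WILDCARD */
#define ADDR_ANY 0u       /* stands in for INADDR_ANY */
struct pcb { uint32_t faddr, laddr; uint16_t fport, lport; };

/* Constructed sample table (addresses as host-order integers). */
static const struct pcb tbl[] = {
    { ADDR_ANY,   ADDR_ANY,   0,     22 }, /* listener on *:22 */
    { 0x0a000002, 0x0a000001, 40000, 22 }, /* established connection */
    { ADDR_ANY,   0x0a000001, 0,     80 }, /* listener on 10.0.0.1:80 */
};
#define NPCB (sizeof(tbl) / sizeof(tbl[0]))

/* Simplified model of the lookup: linear scans replace the hash chains. */
const struct pcb *pcb_lookup(uint32_t fa, uint16_t fp, uint32_t la, uint16_t lp, int wildcard)
{
    const struct pcb *local_wild = NULL;
    size_t i;
    for (i = 0; i < NPCB; i++)      /* first, an exact 4-tuple match */
        if (tbl[i].faddr == fa && tbl[i].laddr == la &&
            tbl[i].fport == fp && tbl[i].lport == lp)
            return (&tbl[i]);
    if (!wildcard)
        return (NULL);
    for (i = 0; i < NPCB; i++) {    /* then unconnected sockets on lp */
        if (tbl[i].faddr != ADDR_ANY || tbl[i].lport != lp)
            continue;
        if (tbl[i].laddr == la)     /* bound to this local address */
            return (&tbl[i]);
        if (tbl[i].laddr == ADDR_ANY)
            local_wild = &tbl[i];   /* assumption: used only as fallback */
    }
    return (local_wild);
}

/* The pattern quoted from pf.c: exact lookup, then a wildcard retry. */
const struct pcb *two_calls(uint32_t fa, uint16_t fp, uint32_t la, uint16_t lp)
{
    const struct pcb *inp = pcb_lookup(fa, fp, la, lp, 0);
    return (inp != NULL ? inp : pcb_lookup(fa, fp, la, lp, LOOKUP_WILDCARD));
}

int main(void)
{
    /* Exit status 0 when both patterns agree for a new client of *:22. */
    return (two_calls(0x0a000003, 50000, 0x0a000001, 22) !=
        pcb_lookup(0x0a000003, 50000, 0x0a000001, 22, LOOKUP_WILDCARD));
}
```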