PERFORCE change 114048 for review
Paolo Pisati
piso at FreeBSD.org
Mon Feb 5 12:37:41 UTC 2007
http://perforce.freebsd.org/chv.cgi?CH=114048
Change 114048 by piso at piso_newluxor on 2007/02/05 12:36:19
Update ipfw and ng_nat to the new libalias API:
the code is still broken, as we have to pass down
a **mbuf to let libalias manipulate it and return it to
the caller.
Affected files ...
.. //depot/projects/soc2005/libalias/sys/netgraph/ng_nat.c#7 edit
.. //depot/projects/soc2005/libalias/sys/netinet/ip_fw2.c#40 edit
Differences ...
==== //depot/projects/soc2005/libalias/sys/netgraph/ng_nat.c#7 (text+ko) ====
@@ -204,7 +204,6 @@
struct mbuf *m;
struct ip *ip;
int rval, error = 0;
- char *c;
if (!(priv->flags & NGNAT_READY)) {
NG_FREE_ITEM(item);
@@ -213,7 +212,7 @@
m = NGI_M(item);
- if ((m = m_megapullup(m, m->m_pkthdr.len)) == NULL) {
+ if ((m = m_pullup(m, sizeof(struct ip))) == NULL) {
NGI_M(item) = NULL; /* avoid double free */
NG_FREE_ITEM(item);
return (ENOBUFS);
@@ -221,21 +220,20 @@
NGI_M(item) = m;
- c = mtod(m, char *);
ip = mtod(m, struct ip *);
KASSERT(m->m_pkthdr.len == ntohs(ip->ip_len),
("ng_nat: ip_len != m_pkthdr.len"));
if (hook == priv->in) {
- rval = LibAliasIn(priv->lib, c, MCLBYTES);
+ rval = LibAliasIn(priv->lib, m, MCLBYTES);
if (rval != PKT_ALIAS_OK &&
rval != PKT_ALIAS_FOUND_HEADER_FRAGMENT) {
NG_FREE_ITEM(item);
return (EINVAL);
}
} else if (hook == priv->out) {
- rval = LibAliasOut(priv->lib, c, MCLBYTES);
+ rval = LibAliasOut(priv->lib, m, MCLBYTES);
if (rval != PKT_ALIAS_OK) {
NG_FREE_ITEM(item);
return (EINVAL);
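Review bot: `MCLBYTES` is still passed as the size argument in `LibAliasIn(priv->lib, m, MCLBYTES)` and `LibAliasOut(priv->lib, m, MCLBYTES)`, but after the switch from m_megapullup() to m_pullup() nothing visible guarantees the packet sits in one cluster-sized buffer. If the new libalias API still treats that argument as the writable space available, a rewrite that grows the packet could run past the real mbuf storage; the same calls appear in the ip_fw2.c hunk at -3555. Until the API is settled I would mark both call sites, e.g. `/* XXX: MCLBYTES no longer matches the mbuf storage after m_pullup() */`. The function body starts and ends outside this hunk.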
@@ -243,11 +241,26 @@
} else
panic("ng_nat: unknown hook!\n");
+ if ((m = m_pullup(m, sizeof(struct ip))) == NULL) {
+ NGI_M(item) = NULL; /* avoid double free */
+ NG_FREE_ITEM(item);
+ return (ENOBUFS);
+ }
+ ip = mtod(m, struct ip *);
m->m_pkthdr.len = m->m_len = ntohs(ip->ip_len);
if ((ip->ip_off & htons(IP_OFFMASK)) == 0 &&
- ip->ip_p == IPPROTO_TCP) {
- struct tcphdr *th = (struct tcphdr *)((caddr_t)ip +
+ ip->ip_p == IPPROTO_TCP) {
+ struct tcphdr *th;
+
+ if ((m = m_pullup(m, (ip->ip_hl << 2) + sizeof(struct tcphdr)))
+ == NULL) {
+ NGI_M(item) = NULL; /* avoid double free */
+ NG_FREE_ITEM(item);
+ return (ENOBUFS);
+ }
+ ip = mtod(m, struct ip *);
+ th = (struct tcphdr *)((caddr_t)ip +
(ip->ip_hl << 2));
/*
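Review bot: `m->m_pkthdr.len = m->m_len = ntohs(ip->ip_len);` assumes the whole packet is in the first mbuf, which held after m_megapullup() but not after `m_pullup(m, sizeof(struct ip))`, which only makes the IP header contiguous. On a chained packet this sets the first mbuf's `m_len` to the full datagram length, so later consumers can read or write beyond that mbuf's data; the same assignment is in the ip_fw2.c hunk at -3555. Setting only the packet-header length, `m->m_pkthdr.len = ntohs(ip->ip_len);`, avoids overstating the first mbuf. The successful m_pullup() calls may also return a new head mbuf, and `NGI_M(item)` is not refreshed inside this hunk; the function continues past it, so confirm the item is updated before it is forwarded.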
==== //depot/projects/soc2005/libalias/sys/netinet/ip_fw2.c#40 (text+ko) ====
@@ -3480,10 +3480,8 @@
#ifdef IPFIREWALL_NAT
case O_NAT: {
struct cfg_nat *t;
- struct mbuf *mcl;
/* XXX - libalias duct tape */
- int ldt;
- char *c;
+ int ldt;
ldt = 0;
args->rule = f; /* Report matching rule. */
@@ -3498,10 +3496,9 @@
((ipfw_insn_nat *)cmd)->nat =
t;
}
- if ((mcl = m_megapullup(m, m->m_pkthdr.len)) ==
- NULL)
+ if ((m = m_pullup(m, sizeof(struct ip))) == NULL)
goto badnat;
- ip = mtod(mcl, struct ip *);
+ ip = mtod(m, struct ip *);
if (args->eh == NULL) {
ip->ip_len = htons(ip->ip_len);
ip->ip_off = htons(ip->ip_off);
@@ -3555,27 +3552,29 @@
* it can handle delayed checksum and tso)
*/
- if (mcl->m_pkthdr.rcvif == NULL &&
- mcl->m_pkthdr.csum_flags &
+ if (m->m_pkthdr.rcvif == NULL &&
+ m->m_pkthdr.csum_flags &
CSUM_DELAY_DATA)
ldt = 1;
- c = mtod(mcl, char *);
if (oif == NULL)
- retval = LibAliasIn(t->lib, c,
+ retval = LibAliasIn(t->lib, m,
MCLBYTES);
else
- retval = LibAliasOut(t->lib, c,
+ retval = LibAliasOut(t->lib, m,
MCLBYTES);
if (retval != PKT_ALIAS_OK) {
/* XXX - should i add some logging? */
- m_free(mcl);
+ m_free(m);
badnat:
args->m = NULL;
retval = IP_FW_DENY;
goto done;
}
- mcl->m_pkthdr.len = mcl->m_len =
+ if ((m = m_pullup(m, sizeof(struct ip))) == NULL)
+ goto badnat;
+ ip = mtod(m, struct ip *);
+ m->m_pkthdr.len = m->m_len =
ntohs(ip->ip_len);
/*
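Review bot: `m_free(m)` on the LibAlias failure path releases only the first mbuf. That was sufficient while the packet was a single cluster from m_megapullup(), but `m` now comes from m_pullup() and may be a chain, so the remaining mbufs leak on every rejected packet. Use `m_freem(m);` before falling into `badnat`. The enclosing `case O_NAT` block starts and ends outside this hunk.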
@@ -3587,8 +3586,12 @@
ip->ip_p == IPPROTO_TCP) {
struct tcphdr *th;
+ if ((m = m_pullup(m, (ip->ip_hl << 2) +
+ sizeof(struct tcphdr))) == NULL)
+ goto badnat;
+ ip = mtod(m, struct ip *);
th = (struct tcphdr *)(ip + 1);
- if (th->th_x2)
+ if (th->th_x2)
ldt = 1;
}
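Review bot: The added `m_pullup(m, (ip->ip_hl << 2) + sizeof(struct tcphdr))` accounts for IP options, but the following line still computes `th = (struct tcphdr *)(ip + 1);`, which is the TCP header only when `ip_hl` is 5. For a packet carrying options, `th->th_x2` is read from the option bytes here, and in the hunks at -3607 and -3614 `th_x2`, `th_sum` and `uh_sum` are written there. Derive the pointer from the header length as ng_nat.c does: `th = (struct tcphdr *)((caddr_t)ip + (ip->ip_hl << 2));`. `ip_hl` is not range-checked in the visible lines; confirm it was validated earlier in the function, which starts outside this hunk.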
@@ -3607,6 +3610,12 @@
switch (ip->ip_p) {
case IPPROTO_TCP:
+ if ((m = m_pullup(m,
+ (ip->ip_hl << 2) +
+ sizeof(struct tcphdr))) ==
+ NULL)
+ goto badnat;
+ ip = mtod(m, struct ip *);
th = (struct tcphdr *)(ip + 1);
/*
* Maybe it was set in
@@ -3614,26 +3623,32 @@
*/
th->th_x2 = 0;
th->th_sum = cksum;
- mcl->m_pkthdr.csum_data =
+ m->m_pkthdr.csum_data =
offsetof(struct tcphdr,
th_sum);
break;
case IPPROTO_UDP:
+ if ((m = m_pullup(m,
+ (ip->ip_hl << 2) +
+ sizeof(struct tcphdr))) ==
+ NULL)
+ goto badnat;
+ ip = mtod(m, struct ip *);
uh = (struct udphdr *)(ip + 1);
uh->uh_sum = cksum;
- mcl->m_pkthdr.csum_data =
+ m->m_pkthdr.csum_data =
offsetof(struct udphdr,
uh_sum);
- break;
+ break;
}
/*
* No hw checksum offloading: do it
* by ourself.
*/
- if ((mcl->m_pkthdr.csum_flags &
+ if ((m->m_pkthdr.csum_flags &
CSUM_DELAY_DATA) == 0) {
- in_delayed_cksum(mcl);
- mcl->m_pkthdr.csum_flags &=
+ in_delayed_cksum(m);
+ m->m_pkthdr.csum_flags &=
~CSUM_DELAY_DATA;
}
ip->ip_len = htons(ip->ip_len);
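Review bot: The `IPPROTO_UDP` case pulls up `(ip->ip_hl << 2) + sizeof(struct tcphdr)`, so a valid UDP datagram with fewer than 12 bytes of payload makes m_pullup() fail and the packet is dropped through `badnat`. The length should be `(ip->ip_hl << 2) + sizeof(struct udphdr)`. The enclosing switch starts in the previous hunk and the `O_NAT` case continues past this one.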
@@ -3644,7 +3659,7 @@
ip->ip_off = ntohs(ip->ip_off);
}
- args->m = mcl;
+ args->m = m;
retval = IP_FW_NAT;
goto done;
}