svn commit: r234175 - projects/pf/head/sys/contrib/pf/net
Gleb Smirnoff
glebius at FreeBSD.org
Thu Apr 12 12:15:16 UTC 2012
Author: glebius
Date: Thu Apr 12 12:15:15 2012
New Revision: 234175
URL: http://svn.freebsd.org/changeset/base/234175
Log:
Neither our pfil(9) supply the Ethernet header of packet,
nor our ip_output() accepts it, so there is no reason
to push around that always NULL pointers. Remove them,
as well as code that never executes.
Modified:
projects/pf/head/sys/contrib/pf/net/pf.c
projects/pf/head/sys/contrib/pf/net/pf_ioctl.c
projects/pf/head/sys/contrib/pf/net/pfvar.h
Modified: projects/pf/head/sys/contrib/pf/net/pf.c
==============================================================================
--- projects/pf/head/sys/contrib/pf/net/pf.c Thu Apr 12 11:27:09 2012 (r234174)
+++ projects/pf/head/sys/contrib/pf/net/pf.c Thu Apr 12 12:15:15 2012 (r234175)
@@ -183,7 +183,7 @@ static void pf_send_tcp(struct mbuf *,
const struct pf_addr *, const struct pf_addr *,
u_int16_t, u_int16_t, u_int32_t, u_int32_t,
u_int8_t, u_int16_t, u_int16_t, u_int8_t, int,
- u_int16_t, struct ether_header *, struct ifnet *);
+ u_int16_t, struct ifnet *);
static void pf_send_icmp(struct mbuf *, u_int8_t, u_int8_t,
sa_family_t, struct pf_rule *);
static void pf_detach_state(struct pf_state *);
@@ -1338,7 +1338,7 @@ pf_unlink_state(struct pf_state *s, u_in
s->key[PF_SK_WIRE]->port[1],
s->key[PF_SK_WIRE]->port[0],
s->src.seqhi, s->src.seqlo + 1,
- TH_RST|TH_ACK, 0, 0, 0, 1, s->tag, NULL, NULL);
+ TH_RST|TH_ACK, 0, 0, 0, 1, s->tag, NULL);
}
LIST_REMOVE(s, entry);
@@ -1949,7 +1949,7 @@ pf_send_tcp(struct mbuf *replyto, const
const struct pf_addr *saddr, const struct pf_addr *daddr,
u_int16_t sport, u_int16_t dport, u_int32_t seq, u_int32_t ack,
u_int8_t flags, u_int16_t win, u_int16_t mss, u_int8_t ttl, int tag,
- u_int16_t rtag, struct ether_header *eh, struct ifnet *ifp)
+ u_int16_t rtag, struct ifnet *ifp)
{
struct mbuf *m;
int len, tlen;
@@ -2096,33 +2096,9 @@ pf_send_tcp(struct mbuf *replyto, const
h->ip_len = len;
h->ip_ttl = ttl ? ttl : V_ip_defttl;
h->ip_sum = 0;
- if (eh == NULL) {
- PF_UNLOCK();
- ip_output(m, (void *)NULL, (void *)NULL, 0,
- (void *)NULL, (void *)NULL);
- PF_LOCK();
- } else {
- struct route ro;
- struct rtentry rt;
- struct ether_header *e = (void *)ro.ro_dst.sa_data;
-
- if (ifp == NULL) {
- m_freem(m);
- return;
- }
- rt.rt_ifp = ifp;
- ro.ro_rt = &rt;
- ro.ro_dst.sa_len = sizeof(ro.ro_dst);
- ro.ro_dst.sa_family = pseudo_AF_HDRCMPLT;
- bcopy(eh->ether_dhost, e->ether_shost, ETHER_ADDR_LEN);
- bcopy(eh->ether_shost, e->ether_dhost, ETHER_ADDR_LEN);
- e->ether_type = eh->ether_type;
- PF_UNLOCK();
- /* XXX_IMPORT: later */
- ip_output(m, (void *)NULL, &ro, 0,
- (void *)NULL, (void *)NULL);
- PF_LOCK();
- }
+ PF_UNLOCK();
+ ip_output(m, NULL, NULL, 0, NULL, NULL);
+ PF_LOCK();
break;
#endif /* INET */
#ifdef INET6
@@ -3147,7 +3123,7 @@ pf_test_rule(struct pf_rule **rm, struct
pf_send_tcp(m, r, af, pd->dst,
pd->src, th->th_dport, th->th_sport,
ntohl(th->th_ack), ack, TH_RST|TH_ACK, 0, 0,
- r->return_ttl, 1, 0, pd->eh, kif->pfik_ifp);
+ r->return_ttl, 1, 0, kif->pfik_ifp);
}
} else if (pd->proto != IPPROTO_ICMP && af == AF_INET &&
r->return_icmp)
@@ -3410,7 +3386,7 @@ pf_create_state(struct pf_rule *r, struc
s->src.mss = mss;
pf_send_tcp(NULL, r, pd->af, pd->dst, pd->src, th->th_dport,
th->th_sport, s->src.seqhi, ntohl(th->th_seq) + 1,
- TH_SYN|TH_ACK, 0, s->src.mss, 0, 1, 0, NULL, NULL);
+ TH_SYN|TH_ACK, 0, s->src.mss, 0, 1, 0, NULL);
REASON_SET(&reason, PFRES_SYNPROXY);
return (PF_SYNPROXY_DROP);
}
@@ -3825,7 +3801,7 @@ pf_tcp_track_full(struct pf_state_peer *
th->th_sport, ntohl(th->th_ack), 0,
TH_RST, 0, 0,
(*state)->rule.ptr->return_ttl, 1, 0,
- pd->eh, kif->pfik_ifp);
+ kif->pfik_ifp);
src->seqlo = 0;
src->seqhi = 1;
src->max_win = 1;
@@ -3978,8 +3954,7 @@ pf_test_state_tcp(struct pf_state **stat
pf_send_tcp(NULL, (*state)->rule.ptr, pd->af, pd->dst,
pd->src, th->th_dport, th->th_sport,
(*state)->src.seqhi, ntohl(th->th_seq) + 1,
- TH_SYN|TH_ACK, 0, (*state)->src.mss, 0, 1,
- 0, NULL, NULL);
+ TH_SYN|TH_ACK, 0, (*state)->src.mss, 0, 1, 0, NULL);
REASON_SET(reason, PFRES_SYNPROXY);
return (PF_SYNPROXY_DROP);
} else if (!(th->th_flags & TH_ACK) ||
@@ -4009,7 +3984,7 @@ pf_test_state_tcp(struct pf_state **stat
&sk->addr[pd->sidx], &sk->addr[pd->didx],
sk->port[pd->sidx], sk->port[pd->didx],
(*state)->dst.seqhi, 0, TH_SYN, 0,
- (*state)->src.mss, 0, 0, (*state)->tag, NULL, NULL);
+ (*state)->src.mss, 0, 0, (*state)->tag, NULL);
REASON_SET(reason, PFRES_SYNPROXY);
return (PF_SYNPROXY_DROP);
} else if (((th->th_flags & (TH_SYN|TH_ACK)) !=
@@ -4024,13 +3999,12 @@ pf_test_state_tcp(struct pf_state **stat
pd->src, th->th_dport, th->th_sport,
ntohl(th->th_ack), ntohl(th->th_seq) + 1,
TH_ACK, (*state)->src.max_win, 0, 0, 0,
- (*state)->tag, NULL, NULL);
+ (*state)->tag, NULL);
pf_send_tcp(NULL, (*state)->rule.ptr, pd->af,
&sk->addr[pd->sidx], &sk->addr[pd->didx],
sk->port[pd->sidx], sk->port[pd->didx],
(*state)->src.seqhi + 1, (*state)->src.seqlo + 1,
- TH_ACK, (*state)->dst.max_win, 0, 0, 1,
- 0, NULL, NULL);
+ TH_ACK, (*state)->dst.max_win, 0, 0, 1, 0, NULL);
(*state)->src.seqdiff = (*state)->dst.seqhi -
(*state)->src.seqlo;
(*state)->dst.seqdiff = (*state)->src.seqhi -
@@ -5143,7 +5117,7 @@ pf_route(struct mbuf **m, struct pf_rule
if (oifp != ifp) {
PF_UNLOCK();
- if (pf_test(PF_OUT, ifp, &m0, NULL, NULL) != PF_PASS) {
+ if (pf_test(PF_OUT, ifp, &m0, NULL) != PF_PASS) {
PF_LOCK();
goto bad;
} else if (m0 == NULL) {
@@ -5333,7 +5307,7 @@ pf_route6(struct mbuf **m, struct pf_rul
if (oifp != ifp) {
PF_UNLOCK();
- if (pf_test6(PF_OUT, ifp, &m0, NULL, NULL) != PF_PASS) {
+ if (pf_test6(PF_OUT, ifp, &m0, NULL) != PF_PASS) {
PF_LOCK();
goto bad;
} else if (m0 == NULL) {
@@ -5517,8 +5491,7 @@ pf_check_proto_cksum(struct mbuf *m, int
#ifdef INET
int
-pf_test(int dir, struct ifnet *ifp, struct mbuf **m0,
- struct ether_header *eh, struct inpcb *inp)
+pf_test(int dir, struct ifnet *ifp, struct mbuf **m0, struct inpcb *inp)
{
struct pfi_kif *kif;
u_short action, reason = 0, log = 0;
@@ -5605,7 +5578,6 @@ pf_test(int dir, struct ifnet *ifp, stru
pd.af = AF_INET;
pd.tos = h->ip_tos;
pd.tot_len = ntohs(h->ip_len);
- pd.eh = eh;
/* handle fragments that didn't get reassembled by normalization */
if (h->ip_off & htons(IP_MF | IP_OFFMASK)) {
@@ -5880,8 +5852,7 @@ done:
#ifdef INET6
int
-pf_test6(int dir, struct ifnet *ifp, struct mbuf **m0,
- struct ether_header *eh, struct inpcb *inp)
+pf_test6(int dir, struct ifnet *ifp, struct mbuf **m0, struct inpcb *inp)
{
struct pfi_kif *kif;
u_short action, reason = 0, log = 0;
@@ -5959,7 +5930,6 @@ pf_test6(int dir, struct ifnet *ifp, str
pd.af = AF_INET6;
pd.tos = 0;
pd.tot_len = ntohs(h->ip6_plen) + sizeof(struct ip6_hdr);
- pd.eh = eh;
off = ((caddr_t)h - m->m_data) + sizeof(struct ip6_hdr);
pd.proto = h->ip6_nxt;
Modified: projects/pf/head/sys/contrib/pf/net/pf_ioctl.c
==============================================================================
--- projects/pf/head/sys/contrib/pf/net/pf_ioctl.c Thu Apr 12 11:27:09 2012 (r234174)
+++ projects/pf/head/sys/contrib/pf/net/pf_ioctl.c Thu Apr 12 12:15:15 2012 (r234175)
@@ -3538,7 +3538,7 @@ pf_check_in(void *arg, struct mbuf **m,
HTONS(h->ip_off);
}
CURVNET_SET(ifp->if_vnet);
- chk = pf_test(PF_IN, ifp, m, NULL, inp);
+ chk = pf_test(PF_IN, ifp, m, inp);
CURVNET_RESTORE();
if (chk && *m) {
m_freem(*m);
@@ -3580,7 +3580,7 @@ pf_check_out(void *arg, struct mbuf **m,
HTONS(h->ip_off);
}
CURVNET_SET(ifp->if_vnet);
- chk = pf_test(PF_OUT, ifp, m, NULL, inp);
+ chk = pf_test(PF_OUT, ifp, m, inp);
CURVNET_RESTORE();
if (chk && *m) {
m_freem(*m);
@@ -3613,8 +3613,7 @@ pf_check6_in(void *arg, struct mbuf **m,
* filtering we have change this to lo0 as it is the case in IPv4.
*/
CURVNET_SET(ifp->if_vnet);
- chk = pf_test6(PF_IN, (*m)->m_flags & M_LOOP ? V_loif : ifp, m,
- NULL, inp);
+ chk = pf_test6(PF_IN, (*m)->m_flags & M_LOOP ? V_loif : ifp, m, inp);
CURVNET_RESTORE();
if (chk && *m) {
m_freem(*m);
@@ -3641,7 +3640,7 @@ pf_check6_out(void *arg, struct mbuf **m
(*m)->m_pkthdr.csum_flags &= ~CSUM_DELAY_DATA;
}
CURVNET_SET(ifp->if_vnet);
- chk = pf_test6(PF_OUT, ifp, m, NULL, inp);
+ chk = pf_test6(PF_OUT, ifp, m, inp);
CURVNET_RESTORE();
if (chk && *m) {
m_freem(*m);
Modified: projects/pf/head/sys/contrib/pf/net/pfvar.h
==============================================================================
--- projects/pf/head/sys/contrib/pf/net/pfvar.h Thu Apr 12 11:27:09 2012 (r234174)
+++ projects/pf/head/sys/contrib/pf/net/pfvar.h Thu Apr 12 12:15:15 2012 (r234175)
@@ -1201,8 +1201,6 @@ struct pf_pdesc {
} hdr;
struct pf_rule *nat_rule; /* nat/rdr rule applied to packet */
- struct ether_header
- *eh;
struct pf_addr *src; /* src address */
struct pf_addr *dst; /* dst address */
u_int16_t *sport;
@@ -1819,13 +1817,11 @@ extern void pf_addrcpy(struct pf_addr
void pf_rm_rule(struct pf_rulequeue *,
struct pf_rule *);
#ifdef INET
-int pf_test(int, struct ifnet *, struct mbuf **, struct ether_header *,
- struct inpcb *);
+int pf_test(int, struct ifnet *, struct mbuf **, struct inpcb *);
#endif /* INET */
#ifdef INET6
-int pf_test6(int, struct ifnet *, struct mbuf **, struct ether_header *,
- struct inpcb *);
+int pf_test6(int, struct ifnet *, struct mbuf **, struct inpcb *);
void pf_poolmask(struct pf_addr *, struct pf_addr*,
struct pf_addr *, struct pf_addr *, u_int8_t);
void pf_addr_inc(struct pf_addr *, sa_family_t);
More information about the svn-src-projects
mailing list