

D36454.id110153.diff

Index: sys/net/pfil.h
===================================================================
--- sys/net/pfil.h
+++ sys/net/pfil.h
@@ -36,6 +36,7 @@
#define _NET_PFIL_H_
#include <sys/ioccom.h>
+#include <sys/ck.h>
enum pfil_types {
PFIL_TYPE_IP4,
@@ -187,6 +188,18 @@
const char *pa_headname;
};
+typedef CK_STAILQ_HEAD(pfil_chain, pfil_link) pfil_chain_t;
+struct pfil_head {
+ int head_nhooksin;
+ int head_nhooksout;
+ pfil_chain_t head_in;
+ pfil_chain_t head_out;
+ int head_flags;
+ enum pfil_types head_type;
+ LIST_ENTRY(pfil_head) head_list;
+ const char *head_name;
+};
+
/* Public functions for pfil head management by inspection points. */
pfil_head_t pfil_head_register(struct pfil_head_args *);
void pfil_head_unregister(pfil_head_t);
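Review bot: Moving `struct pfil_head` into pfil.h makes the hook-chain layout visible to every file that includes this header, and the added definition has no comment saying which fields outside code may touch. From the rest of the diff, the only external use appears to be `&(head)->head_in` and `&(head)->head_out` in the new macros, so I would add above the struct something like `/* Exposed only so pfil_run_hooks_in/out() can reach the chains; all other access and every modification stays in pfil.c. */`. These chains decide which firewall hooks see a packet, so a direct write from outside pfil.c would bypass whatever serialization the registration code uses (not visible here). `LIST_ENTRY` also needs the queue macros in scope; the diff adds only `<sys/ck.h>`, so confirm every includer already has them.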
@@ -194,6 +207,12 @@
/* Public functions to run the packet inspection by inspection points. */
int pfil_run_hooks(struct pfil_head *, pfil_packet_t, struct ifnet *, int,
struct inpcb *inp);
+int pfil_run_hooks_simple(pfil_chain_t *, pfil_packet_t, struct ifnet *, int,
+ struct inpcb *inp);
+#define pfil_run_hooks_in(head, packet, ifp, inp) \
+ pfil_run_hooks_simple(&(head)->head_in, packet, ifp, PFIL_IN, inp)
+#define pfil_run_hooks_out(head, packet, ifp, inp) \
+ pfil_run_hooks_simple(&(head)->head_out, packet, ifp, PFIL_OUT, inp)
/*
* Minimally exposed structure to avoid function call in case of absence
* of any filters by protocols and macros to do the check.
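Review bot: `pfil_run_hooks_in` and `pfil_run_hooks_out` are function-like macros, so `head` is never type-checked and a wrong argument only shows up as an error at the member access inside the expansion. An inline wrapper such as `static __inline int pfil_run_hooks_in(struct pfil_head *head, pfil_packet_t p, struct ifnet *ifp, struct inpcb *inp)` would generate the same call with a checked signature. The new prototype also lacks a comment telling a reader when to prefer it over `pfil_run_hooks`; I would add `/* Walks one direction's chain directly; stops at the first PFIL_DROPPED or PFIL_CONSUMED. */` above it. The comment block that follows these lines continues past the end of the hunk.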
Index: sys/net/pfil.c
===================================================================
--- sys/net/pfil.c
+++ sys/net/pfil.c
@@ -89,18 +89,6 @@
struct epoch_context link_epoch_ctx;
};
-typedef CK_STAILQ_HEAD(pfil_chain, pfil_link) pfil_chain_t;
-struct pfil_head {
- int head_nhooksin;
- int head_nhooksout;
- pfil_chain_t head_in;
- pfil_chain_t head_out;
- int head_flags;
- enum pfil_types head_type;
- LIST_ENTRY(pfil_head) head_list;
- const char *head_name;
-};
-
LIST_HEAD(pfilheadhead, pfil_head);
VNET_DEFINE_STATIC(struct pfilheadhead, pfil_head_list) =
LIST_HEAD_INITIALIZER(pfil_head_list);
@@ -198,6 +186,24 @@
return (rv);
}
+int
+pfil_run_hooks_simple(pfil_chain_t *pch, pfil_packet_t p, struct ifnet *ifp,
+ int flags, struct inpcb *inp)
+{
+ struct pfil_link *link;
+ pfil_return_t rv;
+
+ NET_EPOCH_ASSERT();
+
+ rv = PFIL_PASS;
+ CK_STAILQ_FOREACH(link, pch, link_chain) {
+ rv = (*link->link_func)(p, ifp, flags, link->link_ruleset, inp);
+ if (rv == PFIL_DROPPED || rv == PFIL_CONSUMED)
+ break;
+ }
+ return (rv);
+}
+
/*
* pfil_head_register() registers a pfil_head with the packet filter hook
* mechanism.
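Review bot: `pfil_run_hooks_simple` returns whatever the last hook returned and treats only `PFIL_DROPPED` and `PFIL_CONSUMED` specially, so any other non-pass status from an earlier hook is overwritten by a later `PFIL_PASS`. If `pfil_run_hooks` (its body is outside this hunk) does extra work for `PFIL_MEMPTR` packets or `PFIL_REALLOCED` results, this path skips it silently, and a hook could be handed a packet representation it does not expect. The converted call sites all pass `&m`, so stating the restriction is probably enough. Add a header comment saying the function is for mbuf callers only, and consider `KASSERT((flags & PFIL_MEMPTR) == 0, ("%s: PFIL_MEMPTR not supported", __func__));` right after `NET_EPOCH_ASSERT()`.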
Index: sys/netinet/ip_fastfwd.c
===================================================================
--- sys/netinet/ip_fastfwd.c
+++ sys/netinet/ip_fastfwd.c
@@ -318,7 +318,7 @@
if (!PFIL_HOOKED_IN(V_inet_pfil_head))
goto passin;
- if (pfil_run_hooks(V_inet_pfil_head, &m, m->m_pkthdr.rcvif, PFIL_IN,
+ if (pfil_run_hooks_in(V_inet_pfil_head, &m, m->m_pkthdr.rcvif,
NULL) != PFIL_PASS)
goto drop;
@@ -410,8 +410,8 @@
if (!PFIL_HOOKED_OUT(V_inet_pfil_head))
goto passout;
- if (pfil_run_hooks(V_inet_pfil_head, &m, nh->nh_ifp,
- PFIL_OUT, NULL) != PFIL_PASS)
+ if (pfil_run_hooks_out(V_inet_pfil_head, &m, nh->nh_ifp,
+ NULL) != PFIL_PASS)
goto drop;
M_ASSERTVALID(m);
Index: sys/netinet/ip_input.c
===================================================================
--- sys/netinet/ip_input.c
+++ sys/netinet/ip_input.c
@@ -615,7 +615,7 @@
goto passin;
odst = ip->ip_dst;
- if (pfil_run_hooks(V_inet_pfil_head, &m, ifp, PFIL_IN, NULL) !=
+ if (pfil_run_hooks_in(V_inet_pfil_head, &m, ifp, NULL) !=
PFIL_PASS)
return;
if (m == NULL) /* consumed by filter */
Index: sys/netinet6/ip6_fastfwd.c
===================================================================
--- sys/netinet6/ip6_fastfwd.c
+++ sys/netinet6/ip6_fastfwd.c
@@ -164,7 +164,7 @@
*/
if (!PFIL_HOOKED_IN(V_inet6_pfil_head))
goto passin;
- if (pfil_run_hooks(V_inet6_pfil_head, &m, rcvif, PFIL_IN, NULL) !=
+ if (pfil_run_hooks_in(V_inet6_pfil_head, &m, rcvif, NULL) !=
PFIL_PASS)
goto dropin;
/*
@@ -214,7 +214,7 @@
/*
* Outgoing packet firewall processing.
*/
- if (pfil_run_hooks(V_inet6_pfil_head, &m, nh->nh_ifp, PFIL_OUT,
+ if (pfil_run_hooks_out(V_inet6_pfil_head, &m, nh->nh_ifp,
NULL) != PFIL_PASS)
goto dropout;
Index: sys/netinet6/ip6_forward.c
===================================================================
--- sys/netinet6/ip6_forward.c
+++ sys/netinet6/ip6_forward.c
@@ -313,7 +313,7 @@
odst = ip6->ip6_dst;
/* Run through list of hooks for forwarded packets. */
- if (pfil_run_hooks(V_inet6_pfil_head, &m, nh->nh_ifp, PFIL_OUT,
+ if (pfil_run_hooks_out(V_inet6_pfil_head, &m, nh->nh_ifp,
NULL) != PFIL_PASS)
goto freecopy;
ip6 = mtod(m, struct ip6_hdr *);
Index: sys/netinet6/ip6_input.c
===================================================================
--- sys/netinet6/ip6_input.c
+++ sys/netinet6/ip6_input.c
@@ -737,7 +737,7 @@
goto passin;
odst = ip6->ip6_dst;
- if (pfil_run_hooks(V_inet6_pfil_head, &m, m->m_pkthdr.rcvif, PFIL_IN,
+ if (pfil_run_hooks_in(V_inet6_pfil_head, &m, m->m_pkthdr.rcvif,
NULL) != PFIL_PASS)
return;
ip6 = mtod(m, struct ip6_hdr *);
Index: sys/netinet6/ip6_output.c
===================================================================
--- sys/netinet6/ip6_output.c
+++ sys/netinet6/ip6_output.c
@@ -1014,7 +1014,7 @@
odst = ip6->ip6_dst;
/* Run through list of hooks for output packets. */
- switch (pfil_run_hooks(V_inet6_pfil_head, &m, ifp, PFIL_OUT, inp)) {
+ switch (pfil_run_hooks_out(V_inet6_pfil_head, &m, ifp, inp)) {
case PFIL_PASS:
ip6 = mtod(m, struct ip6_hdr *);
break;
