D2823.id.diff
No OneTemporary
Actions

Size

6 KB

Referenced Files

None

Subscribers

None

D2823.id.diff
View Options

	Index: stable/10/sys/net/pfvar.h
	===================================================================
	--- stable/10/sys/net/pfvar.h
	+++ stable/10/sys/net/pfvar.h
	@@ -1566,14 +1566,18 @@

	#ifdef INET
	int pf_test(int, struct ifnet , struct mbuf , struct inpcb );
	+int pf_normalize_ip(struct mbuf *, int, struct pfi_kif , u_short *,
	+ struct pf_pdesc *);
	#endif /* INET */

	#ifdef INET6
	int pf_test6(int, struct ifnet , struct mbuf , struct inpcb );
	+int pf_normalize_ip6(struct mbuf *, int, struct pfi_kif , u_short *,
	+ struct pf_pdesc *);
	void pf_poolmask(struct pf_addr , struct pf_addr,
	struct pf_addr , struct pf_addr , u_int8_t);
	void pf_addr_inc(struct pf_addr *, sa_family_t);
	-int pf_refragment6(struct ifnet ifp, struct mbuf m0, struct m_tag mtag);
	+int pf_refragment6(struct ifnet , struct mbuf , struct m_tag );
	#endif /* INET6 */

	u_int32_t pf_new_isn(struct pf_state *);
	@@ -1589,10 +1593,6 @@

	void pf_normalize_init(void);
	void pf_normalize_cleanup(void);
	-int pf_normalize_ip(struct mbuf *, int, struct pfi_kif , u_short *,
	- struct pf_pdesc *);
	-int pf_normalize_ip6(struct mbuf *, int, struct pfi_kif , u_short *,
	- struct pf_pdesc *);
	int pf_normalize_tcp(int, struct pfi_kif , struct mbuf , int, int, void *,
	struct pf_pdesc *);
	void pf_normalize_tcp_cleanup(struct pf_state *);
	Index: stable/10/sys/netpfil/pf/pf_norm.c
	===================================================================
	--- stable/10/sys/netpfil/pf/pf_norm.c
	+++ stable/10/sys/netpfil/pf/pf_norm.c
	@@ -135,35 +135,30 @@
	static RB_PROTOTYPE(pf_frag_tree, pf_fragment, fr_entry, pf_frag_compare);
	static RB_GENERATE(pf_frag_tree, pf_fragment, fr_entry, pf_frag_compare);

	-/* Private prototypes */
	-static void pf_free_fragment(struct pf_fragment *);
	-static void pf_remove_fragment(struct pf_fragment *);
	-static int pf_normalize_tcpopt(struct pf_rule , struct mbuf ,
	- struct tcphdr *, int, sa_family_t);
	-#ifdef INET
	-static void pf_scrub_ip(struct mbuf **, u_int32_t, u_int8_t,
	- u_int8_t);
	-static void pf_flush_fragments(void);
	+static void pf_flush_fragments(void);
	+static void pf_free_fragment(struct pf_fragment *);
	+static void pf_remove_fragment(struct pf_fragment *);
	+static int pf_normalize_tcpopt(struct pf_rule , struct mbuf ,
	+ struct tcphdr *, int, sa_family_t);
	+static struct pf_frent pf_create_fragment(u_short );
	static struct pf_fragment pf_find_fragment(struct pf_fragment_cmp key,
	- struct pf_frag_tree *tree);
	-struct pf_frent pf_create_fragment(u_short );
	-static int pf_reassemble(struct mbuf *, struct ip , int,
	- u_short *);
	-int pf_reassemble6(struct mbuf *, struct ip6_hdr ,
	- struct ip6_frag *, uint16_t, uint16_t, int,
	- u_short *);
	-static struct mbuf pf_fragcache(struct mbuf , struct ip,
	- struct pf_fragment *, int, int, int );
	+ struct pf_frag_tree *tree);
	static struct pf_fragment pf_fillup_fragment(struct pf_fragment_cmp ,
	- struct pf_frent , u_short );
	-int pf_isfull_fragment(struct pf_fragment *);
	-struct mbuf pf_join_fragment(struct pf_fragment );
	-
	-
	-#endif /* INET */
	+ struct pf_frent , u_short );
	+static int pf_isfull_fragment(struct pf_fragment *);
	+static struct mbuf pf_join_fragment(struct pf_fragment );
	+#ifdef INET
	+static void pf_scrub_ip(struct mbuf **, uint32_t, uint8_t, uint8_t);
	+static int pf_reassemble(struct mbuf *, struct ip , int, u_short *);
	+static struct mbuf pf_fragcache(struct mbuf , struct ip,
	+ struct pf_fragment *, int, int, int );
	+#endif /* INET */
	#ifdef INET6
	-static void pf_scrub_ip6(struct mbuf **, u_int8_t);
	-#endif
	+static int pf_reassemble6(struct mbuf *, struct ip6_hdr ,
	+ struct ip6_frag , uint16_t, uint16_t, int, u_short );
	+static void pf_scrub_ip6(struct mbuf **, uint8_t);
	+#endif /* INET6 */
	+
	#define DPFPRINTF(x) do { \
	if (V_pf_status.debug >= PF_DEBUG_MISC) { \
	printf("%s: ", __func__); \
	@@ -171,6 +166,7 @@
	} \
	} while(0)

	+#ifdef INET
	static void
	pf_ip2key(struct ip ip, int dir, struct pf_fragment_cmp key)
	{
	@@ -182,6 +178,7 @@
	key->frc_id = ip->ip_id;
	key->frc_direction = dir;
	}
	+#endif /* INET */

	void
	pf_normalize_init(void)
	@@ -269,7 +266,6 @@
	PF_FRAG_UNLOCK();
	}

	-#ifdef INET
	/*
	* Try to flush old fragments to make space for new ones
	*/
	@@ -294,7 +290,6 @@
	break;
	}
	}
	-#endif /* INET */

	/* Frees the fragments and all associated entries */
	static void
	@@ -331,7 +326,6 @@
	pf_remove_fragment(frag);
	}

	-#ifdef INET
	static struct pf_fragment *
	pf_find_fragment(struct pf_fragment_cmp key, struct pf_frag_tree tree)
	{
	@@ -354,10 +348,8 @@

	return (frag);
	}
	-#endif /* INET */

	/* Removes a fragment from the fragment queue and frees the fragment */
	-
	static void
	pf_remove_fragment(struct pf_fragment *frag)
	{
	@@ -375,8 +367,7 @@
	}
	}

	-#ifdef INET
	-struct pf_frent *
	+static struct pf_frent *
	pf_create_fragment(u_short *reason)
	{
	struct pf_frent *frent;
	@@ -539,7 +530,7 @@
	return (NULL);
	}

	-int
	+static int
	pf_isfull_fragment(struct pf_fragment *frag)
	{
	struct pf_frent frent, next;
	@@ -573,7 +564,7 @@
	return (1);
	}

	-struct mbuf *
	+static struct mbuf *
	pf_join_fragment(struct pf_fragment *frag)
	{
	struct mbuf m, m2;
	@@ -604,7 +595,7 @@
	return (m);
	}

	-#define FR_IP_OFF(fr) ((ntohs((fr)->fr_ip->ip_off) & IP_OFFMASK) << 3)
	+#ifdef INET
	static int
	pf_reassemble(struct mbuf *m0, struct ip ip, int dir, u_short *reason)
	{
	@@ -669,11 +660,12 @@
	DPFPRINTF(("complete: %p(%d)\n", m, ntohs(ip->ip_len)));
	return (PF_PASS);
	}
	+#endif /* INET */

	#ifdef INET6
	-int
	+static int
	pf_reassemble6(struct mbuf *m0, struct ip6_hdr ip6, struct ip6_frag *fraghdr,
	- uint16_t hdrlen, uint16_t extoff, int dir, u_short *reason)
	+ uint16_t hdrlen, uint16_t extoff, int dir, u_short *reason)
	{
	struct mbuf m = m0;
	struct pf_frent *frent;
	@@ -793,9 +785,9 @@
	/* PF_DROP requires a valid mbuf m0 in pf_test6(), will free later. /
	return (PF_DROP);
	}
	+#endif /* INET6 */

	-#endif
	-
	+#ifdef INET
	static struct mbuf *
	pf_fragcache(struct mbuf *m0, struct ip h, struct pf_fragment **frag, int mff,
	int drop, int *nomem)
	@@ -1097,7 +1089,9 @@
	m_freem(m);
	return (NULL);
	}
	+#endif /* INET */

	+#ifdef INET6
	int
	pf_refragment6(struct ifnet ifp, struct mbuf m0, struct m_tag mtag)
	{
	@@ -1169,7 +1163,9 @@

	return (action);
	}
	+#endif /* INET6 */

	+#ifdef INET
	int
	pf_normalize_ip(struct mbuf *m0, int dir, struct pfi_kif kif, u_short *reason,
	struct pf_pdesc *pd)

File Metadata

Mime Type: text/plain
Expires: Wed, Mar 5, 10:23 AM (12 h, 48 m)
Storage Engine: blob
Storage Format: Raw Data
Storage Handle: 16990267
Default Alt Text: D2823.id.diff (6 KB)

D2823.id.diffNo OneTemporaryActions

D2823.id.diffView Options

File Metadata

Event Timeline

D2823.id.diff
No OneTemporary
Actions

D2823.id.diff
View Options