D46683.id143378.diff
No OneTemporary
Actions

Size

6 KB

Referenced Files

None

Subscribers

None

D46683.id143378.diff
View Options

	diff --git a/sys/net/pfvar.h b/sys/net/pfvar.h
	--- a/sys/net/pfvar.h
	+++ b/sys/net/pfvar.h
	@@ -1390,6 +1390,11 @@
	PFR_FB_CHANGED, PFR_FB_CLEARED, PFR_FB_DUPLICATE,
	PFR_FB_NOTMATCH, PFR_FB_CONFLICT, PFR_FB_NOCOUNT, PFR_FB_MAX };

	+typedef enum {
	+ PF_AF_INET = AF_INET,
	+ PF_AF_INET6 = AF_INET6,
	+} pf_af_t;
	+
	struct pfr_addr {
	union {
	struct in_addr _pfra_ip4addr;
	@@ -1619,7 +1624,7 @@
	* state code. Easier than tags */
	#define PFDESC_TCP_NORM 0x0001 /* TCP shall be statefully scrubbed */
	#define PFDESC_IP_REAS 0x0002 /* IP frags would've been reassembled */
	- sa_family_t af;
	+ pf_af_t af;
	u_int8_t proto;
	u_int8_t tos;
	u_int8_t dir; /* direction */
	@@ -2362,7 +2367,7 @@
	int pf_test_eth(int, int, struct ifnet , struct mbuf , struct inpcb );
	int pf_scan_sctp(struct mbuf , int, struct pf_pdesc , struct pfi_kkif *);
	#if defined(INET) \|\| defined(INET6)
	-int pf_test(sa_family_t, int, int, struct ifnet , struct mbuf , struct inpcb ,
	+int pf_test(pf_af_t, int, int, struct ifnet , struct mbuf , struct inpcb ,
	struct pf_rule_actions *);
	#endif
	#ifdef INET
	diff --git a/sys/netpfil/pf/pf.c b/sys/netpfil/pf/pf.c
	--- a/sys/netpfil/pf/pf.c
	+++ b/sys/netpfil/pf/pf.c
	@@ -584,15 +584,13 @@
	}

	static bool
	-pf_is_loopback(sa_family_t af, struct pf_addr *addr)
	+pf_is_loopback(pf_af_t af, struct pf_addr *addr)
	{
	switch (af) {
	- case AF_INET:
	+ case PF_AF_INET:
	return IN_LOOPBACK(ntohl(addr->v4.s_addr));
	- case AF_INET6:
	+ case PF_AF_INET6:
	return IN6_IS_ADDR_LOOPBACK(&addr->v6);
	- default:
	- panic("Unknown af %d", af);
	}
	}

	@@ -8889,7 +8887,7 @@

	#if defined(INET) \|\| defined(INET6)
	int
	-pf_test(sa_family_t af, int dir, int pflags, struct ifnet ifp, struct mbuf *m0,
	+pf_test(pf_af_t af, int dir, int pflags, struct ifnet ifp, struct mbuf *m0,
	struct inpcb inp, struct pf_rule_actions default_actions)
	{
	struct pfi_kkif *kif;
	@@ -8909,6 +8907,7 @@

	PF_RULES_RLOCK_TRACKER;
	KASSERT(dir == PF_IN \|\| dir == PF_OUT, ("%s: bad direction %d\n", __func__, dir));
	+ KASSERT(af == PF_AF_INET \|\| af == PF_AF_INET6, ("Unsupported af %d", af));
	M_ASSERTPKTHDR(m);

	if (!V_pf_status.running)
	@@ -8945,7 +8944,7 @@

	switch (af) {
	#ifdef INET
	- case AF_INET:
	+ case PF_AF_INET:
	if (__predict_false(m->m_len < sizeof(struct ip)) &&
	(m = m0 = m_pullup(m0, sizeof(struct ip))) == NULL) {
	DPFPRINTF(PF_DEBUG_URGENT,
	@@ -8965,7 +8964,7 @@
	break;
	#endif
	#ifdef INET6
	- case AF_INET6:
	+ case PF_AF_INET6:
	/*
	* If we end up changing IP addresses (e.g. binat) the stack may get
	* confused and fail to send the icmp6 packet too big error. Just send
	@@ -8997,8 +8996,6 @@
	ttl = h6->ip6_hlim;
	break;
	#endif
	- default:
	- panic("Unknown af %d", af);
	}

	if (pf_setup_pdesc(af, dir, &pd, m, &action, &reason, kif, &a, &r,
	@@ -9064,7 +9061,7 @@

	switch (af) {
	#ifdef INET
	- case AF_INET:
	+ case PF_AF_INET:
	/* handle fragments that didn't get reassembled by normalization */
	if (h->ip_off & htons(IP_MF \| IP_OFFMASK)) {
	action = pf_test_fragment(&r, kif, m, &pd, &a, &ruleset);
	@@ -9073,7 +9070,7 @@
	break;
	#endif
	#ifdef INET6
	- case AF_INET6:
	+ case PF_AF_INET6:
	/*
	* we do not support jumbogram. if we keep going, zero ip6_plen
	* will do something bad, so drop the packet for now.
	@@ -9085,8 +9082,6 @@
	}
	break;
	#endif
	- default:
	- panic("Unknown af %d", af);
	}

	switch (pd.proto) {
	@@ -9294,7 +9289,7 @@
	else
	pd.pf_mtag->qid = pd.act.qid;
	/* Add hints for ecn. */
	- if (af == AF_INET)
	+ if (af == PF_AF_INET)
	pd.pf_mtag->hdr = h;
	else
	pd.pf_mtag->hdr = h6;
	@@ -9314,7 +9309,7 @@
	pf_is_loopback(af, pd.dst))
	m->m_flags \|= M_SKIP_FIREWALL;

	- if (af == AF_INET && __predict_false(ip_divert_ptr != NULL) &&
	+ if (af == PF_AF_INET && __predict_false(ip_divert_ptr != NULL) &&
	action == PF_PASS && r->divert.port && !PACKET_LOOPED(&pd)) {
	mtag = m_tag_alloc(MTAG_PF_DIVERT, 0,
	sizeof(struct pf_divert_mtag), M_NOWAIT \| M_ZERO);
	@@ -9357,7 +9352,7 @@
	}
	}
	/* XXX: Anybody working on it?! */
	- if (af == AF_INET6 && r->divert.port)
	+ if (af == PF_AF_INET6 && r->divert.port)
	printf("pf: divert(9) is not supported for IPv6\n");

	/* this flag will need revising if the pkt is forwarded */
	@@ -9402,19 +9397,17 @@
	if (rt) {
	switch (af) {
	#ifdef INET
	- case AF_INET:
	+ case PF_AF_INET:
	/* pf_route() returns unlocked. */
	pf_route(m0, r, kif->pfik_ifp, s, &pd, inp);
	break;
	#endif
	#ifdef INET6
	- case AF_INET6:
	+ case PF_AF_INET6:
	/* pf_route6() returns unlocked. */
	pf_route6(m0, r, kif->pfik_ifp, s, &pd, inp);
	break;
	#endif
	- default:
	- panic("Unknown af %d", af);
	}
	goto out;
	}
	@@ -9439,7 +9432,7 @@

	#ifdef INET6
	/* If reassembled packet passed, create new fragments. */
	- if (af == AF_INET6 && action == PF_PASS && *m0 && dir == PF_OUT &&
	+ if (af == PF_AF_INET6 && action == PF_PASS && *m0 && dir == PF_OUT &&
	(mtag = m_tag_find(m, PACKET_TAG_PF_REASSEMBLED, NULL)) != NULL)
	action = pf_refragment6(ifp, m0, mtag, pflags & PFIL_FWD);
	#endif
	diff --git a/sys/netpfil/pf/pf_ioctl.c b/sys/netpfil/pf/pf_ioctl.c
	--- a/sys/netpfil/pf/pf_ioctl.c
	+++ b/sys/netpfil/pf/pf_ioctl.c
	@@ -6471,7 +6471,7 @@

	CURVNET_ASSERT_SET();

	- chk = pf_test(AF_INET, PF_IN, flags, ifp, m, inp, NULL);
	+ chk = pf_test(PF_AF_INET, PF_IN, flags, ifp, m, inp, NULL);

	return (pf_check_return(chk, m));
	}
	@@ -6484,7 +6484,7 @@

	CURVNET_ASSERT_SET();

	- chk = pf_test(AF_INET, PF_OUT, flags, ifp, m, inp, NULL);
	+ chk = pf_test(PF_AF_INET, PF_OUT, flags, ifp, m, inp, NULL);

	return (pf_check_return(chk, m));
	}
	@@ -6504,7 +6504,7 @@
	* order to support scoped addresses. In order to support stateful
	* filtering we have change this to lo0 as it is the case in IPv4.
	*/
	- chk = pf_test(AF_INET6, PF_IN, flags, (*m)->m_flags & M_LOOP ? V_loif : ifp,
	+ chk = pf_test(PF_AF_INET6, PF_IN, flags, (*m)->m_flags & M_LOOP ? V_loif : ifp,
	m, inp, NULL);

	return (pf_check_return(chk, m));
	@@ -6518,7 +6518,7 @@

	CURVNET_ASSERT_SET();

	- chk = pf_test(AF_INET6, PF_OUT, flags, ifp, m, inp, NULL);
	+ chk = pf_test(PF_AF_INET6, PF_OUT, flags, ifp, m, inp, NULL);

	return (pf_check_return(chk, m));
	}

File Metadata

Mime Type: text/plain
Expires: Thu, Jan 22, 11:45 AM (13 h, 47 m)
Storage Engine: blob
Storage Format: Raw Data
Storage Handle: 27844999
Default Alt Text: D46683.id143378.diff (6 KB)

D46683.id143378.diffNo OneTemporaryActions

D46683.id143378.diffView Options

File Metadata

Event Timeline

D46683.id143378.diff
No OneTemporary
Actions

D46683.id143378.diff
View Options