Changeset View
Changeset View
Standalone View
Standalone View
sys/net/if_bridge.c
Show First 20 Lines • Show All 3,359 Lines • ▼ Show 20 Lines | default: | ||||
*/ | */ | ||||
if (V_pfil_onlyip) | if (V_pfil_onlyip) | ||||
goto bad; | goto bad; | ||||
} | } | ||||
/* Run the packet through pfil before stripping link headers */ | /* Run the packet through pfil before stripping link headers */ | ||||
if (PFIL_HOOKED_OUT(V_link_pfil_head) && V_pfil_ipfw != 0 && | if (PFIL_HOOKED_OUT(V_link_pfil_head) && V_pfil_ipfw != 0 && | ||||
dir == PFIL_OUT && ifp != NULL) { | dir == PFIL_OUT && ifp != NULL) { | ||||
switch (pfil_run_hooks(V_link_pfil_head, mp, ifp, dir, NULL)) { | switch (pfil_mbuf_out(V_link_pfil_head, mp, ifp, NULL)) { | ||||
case PFIL_DROPPED: | case PFIL_DROPPED: | ||||
return (EACCES); | return (EACCES); | ||||
case PFIL_CONSUMED: | case PFIL_CONSUMED: | ||||
return (0); | return (0); | ||||
} | } | ||||
} | } | ||||
/* Strip off the Ethernet header and keep a copy. */ | /* Strip off the Ethernet header and keep a copy. */ | ||||
Show All 37 Lines | case ETHERTYPE_IP: | ||||
/* | /* | ||||
* Run pfil on the member interface and the bridge, both can | * Run pfil on the member interface and the bridge, both can | ||||
* be skipped by clearing pfil_member or pfil_bridge. | * be skipped by clearing pfil_member or pfil_bridge. | ||||
* | * | ||||
* Keep the order: | * Keep the order: | ||||
* in_if -> bridge_if -> out_if | * in_if -> bridge_if -> out_if | ||||
*/ | */ | ||||
if (V_pfil_bridge && dir == PFIL_OUT && bifp != NULL && (rv = | if (V_pfil_bridge && dir == PFIL_OUT && bifp != NULL && (rv = | ||||
pfil_run_hooks(V_inet_pfil_head, mp, bifp, dir, NULL)) != | pfil_mbuf_out(V_inet_pfil_head, mp, bifp, NULL)) != | ||||
PFIL_PASS) | PFIL_PASS) | ||||
break; | break; | ||||
if (V_pfil_member && ifp != NULL && (rv = | if (V_pfil_member && ifp != NULL) { | ||||
pfil_run_hooks(V_inet_pfil_head, mp, ifp, dir, NULL)) != | rv = (dir == PFIL_OUT) ? | ||||
PFIL_PASS) | pfil_mbuf_out(V_inet_pfil_head, mp, ifp, NULL) : | ||||
pfil_mbuf_in(V_inet_pfil_head, mp, ifp, NULL); | |||||
if (rv != PFIL_PASS) | |||||
break; | break; | ||||
} | |||||
if (V_pfil_bridge && dir == PFIL_IN && bifp != NULL && (rv = | if (V_pfil_bridge && dir == PFIL_IN && bifp != NULL && (rv = | ||||
pfil_run_hooks(V_inet_pfil_head, mp, bifp, dir, NULL)) != | pfil_mbuf_in(V_inet_pfil_head, mp, bifp, NULL)) != | ||||
PFIL_PASS) | PFIL_PASS) | ||||
break; | break; | ||||
/* check if we need to fragment the packet */ | /* check if we need to fragment the packet */ | ||||
/* bridge_fragment generates a mbuf chain of packets */ | /* bridge_fragment generates a mbuf chain of packets */ | ||||
/* that already include eth headers */ | /* that already include eth headers */ | ||||
if (V_pfil_member && ifp != NULL && dir == PFIL_OUT) { | if (V_pfil_member && ifp != NULL && dir == PFIL_OUT) { | ||||
i = (*mp)->m_pkthdr.len; | i = (*mp)->m_pkthdr.len; | ||||
Show All 21 Lines | if (hlen == sizeof(struct ip)) | ||||
ip->ip_sum = in_cksum_hdr(ip); | ip->ip_sum = in_cksum_hdr(ip); | ||||
else | else | ||||
ip->ip_sum = in_cksum(*mp, hlen); | ip->ip_sum = in_cksum(*mp, hlen); | ||||
break; | break; | ||||
#ifdef INET6 | #ifdef INET6 | ||||
case ETHERTYPE_IPV6: | case ETHERTYPE_IPV6: | ||||
if (V_pfil_bridge && dir == PFIL_OUT && bifp != NULL && (rv = | if (V_pfil_bridge && dir == PFIL_OUT && bifp != NULL && (rv = | ||||
pfil_run_hooks(V_inet6_pfil_head, mp, bifp, dir, NULL)) != | pfil_mbuf_out(V_inet6_pfil_head, mp, bifp, NULL)) != | ||||
PFIL_PASS) | PFIL_PASS) | ||||
break; | break; | ||||
if (V_pfil_member && ifp != NULL && (rv = | if (V_pfil_member && ifp != NULL) { | ||||
pfil_run_hooks(V_inet6_pfil_head, mp, ifp, dir, NULL)) != | rv = (dir == PFIL_OUT) ? | ||||
PFIL_PASS) | pfil_mbuf_out(V_inet6_pfil_head, mp, ifp, NULL) : | ||||
pfil_mbuf_in(V_inet6_pfil_head, mp, ifp, NULL); | |||||
if (rv != PFIL_PASS) | |||||
break; | break; | ||||
} | |||||
if (V_pfil_bridge && dir == PFIL_IN && bifp != NULL && (rv = | if (V_pfil_bridge && dir == PFIL_IN && bifp != NULL && (rv = | ||||
pfil_run_hooks(V_inet6_pfil_head, mp, bifp, dir, NULL)) != | pfil_mbuf_in(V_inet6_pfil_head, mp, bifp, NULL)) != | ||||
PFIL_PASS) | PFIL_PASS) | ||||
break; | break; | ||||
break; | break; | ||||
#endif | #endif | ||||
} | } | ||||
switch (rv) { | switch (rv) { | ||||
case PFIL_CONSUMED: | case PFIL_CONSUMED: | ||||
▲ Show 20 Lines • Show All 310 Lines • Show Last 20 Lines |