Page MenuHomeFreeBSD
Differential D8058 Diff 21041 head/sys/netpfil/pf/pf.c

Changeset View

Standalone View

View Options

head/sys/netpfil/pf/pf.c

Show First 20 LinesShow All 3,626 Lines▼ Show 20 Lines#endif
s->timeout = PFTM_ICMP_FIRST_PACKET; s->timeout = PFTM_ICMP_FIRST_PACKET;
break; break;
default: default:
s->src.state = PFOTHERS_SINGLE; s->src.state = PFOTHERS_SINGLE;
s->dst.state = PFOTHERS_NO_TRAFFIC; s->dst.state = PFOTHERS_NO_TRAFFIC;
s->timeout = PFTM_OTHER_FIRST_PACKET; s->timeout = PFTM_OTHER_FIRST_PACKET;
} }
if (r->rt && r->rt != PF_FASTROUTE) { if (r->rt) {
if (pf_map_addr(pd->af, r, pd->src, &s->rt_addr, NULL, &sn)) { if (pf_map_addr(pd->af, r, pd->src, &s->rt_addr, NULL, &sn)) {
REASON_SET(&reason, PFRES_MAPFAILED); REASON_SET(&reason, PFRES_MAPFAILED);
pf_src_tree_remove_state(s); pf_src_tree_remove_state(s);
STATE_DEC_COUNTERS(s); STATE_DEC_COUNTERS(s);
uma_zfree(V_pf_state_z, s); uma_zfree(V_pf_state_z, s);
goto csfailed; goto csfailed;
} }
s->rt_kif = r->rpool.cur->kif; s->rt_kif = r->rpool.cur->kif;
▲ Show 20 LinesShow All 1,790 Lines▼ Show 20 Linespf_route(struct mbuf **m, struct pf_rule *r, int dir, struct ifnet *oifp,
ip = mtod(m0, struct ip *); ip = mtod(m0, struct ip *);
bzero(&dst, sizeof(dst)); bzero(&dst, sizeof(dst));
dst.sin_family = AF_INET; dst.sin_family = AF_INET;
dst.sin_len = sizeof(dst); dst.sin_len = sizeof(dst);
dst.sin_addr = ip->ip_dst; dst.sin_addr = ip->ip_dst;
if (r->rt == PF_FASTROUTE) {
struct nhop4_basic nh4;
if (s)
PF_STATE_UNLOCK(s);
if (fib4_lookup_nh_basic(M_GETFIB(m0), ip->ip_dst, 0,
m0->m_pkthdr.flowid, &nh4) != 0) {
KMOD_IPSTAT_INC(ips_noroute);
error = EHOSTUNREACH;
goto bad;
}
ifp = nh4.nh_ifp;
dst.sin_addr = nh4.nh_addr;
} else {
if (TAILQ_EMPTY(&r->rpool.list)) { if (TAILQ_EMPTY(&r->rpool.list)) {
DPFPRINTF(PF_DEBUG_URGENT, DPFPRINTF(PF_DEBUG_URGENT,
("%s: TAILQ_EMPTY(&r->rpool.list)\n", __func__)); ("%s: TAILQ_EMPTY(&r->rpool.list)\n", __func__));
goto bad_locked; goto bad_locked;
} }
if (s == NULL) { if (s == NULL) {
pf_map_addr(AF_INET, r, (struct pf_addr *)&ip->ip_src, pf_map_addr(AF_INET, r, (struct pf_addr *)&ip->ip_src,
&naddr, NULL, &sn); &naddr, NULL, &sn);
if (!PF_AZERO(&naddr, AF_INET)) if (!PF_AZERO(&naddr, AF_INET))
dst.sin_addr.s_addr = naddr.v4.s_addr; dst.sin_addr.s_addr = naddr.v4.s_addr;
ifp = r->rpool.cur->kif ? ifp = r->rpool.cur->kif ?
r->rpool.cur->kif->pfik_ifp : NULL; r->rpool.cur->kif->pfik_ifp : NULL;
} else { } else {
if (!PF_AZERO(&s->rt_addr, AF_INET)) if (!PF_AZERO(&s->rt_addr, AF_INET))
dst.sin_addr.s_addr = dst.sin_addr.s_addr =
s->rt_addr.v4.s_addr; s->rt_addr.v4.s_addr;
ifp = s->rt_kif ? s->rt_kif->pfik_ifp : NULL; ifp = s->rt_kif ? s->rt_kif->pfik_ifp : NULL;
PF_STATE_UNLOCK(s); PF_STATE_UNLOCK(s);
} }
}
if (ifp == NULL) if (ifp == NULL)
goto bad; goto bad;
if (oifp != ifp) { if (oifp != ifp) {
if (pf_test(PF_OUT, ifp, &m0, NULL) != PF_PASS) if (pf_test(PF_OUT, ifp, &m0, NULL) != PF_PASS)
goto bad; goto bad;
else if (m0 == NULL) else if (m0 == NULL)
goto done; goto done;
▲ Show 20 LinesShow All 123 Lines▼ Show 20 Linespf_route6(struct mbuf **m, struct pf_rule *r, int dir, struct ifnet *oifp,
} }
ip6 = mtod(m0, struct ip6_hdr *); ip6 = mtod(m0, struct ip6_hdr *);
bzero(&dst, sizeof(dst)); bzero(&dst, sizeof(dst));
dst.sin6_family = AF_INET6; dst.sin6_family = AF_INET6;
dst.sin6_len = sizeof(dst); dst.sin6_len = sizeof(dst);
dst.sin6_addr = ip6->ip6_dst; dst.sin6_addr = ip6->ip6_dst;
/* Cheat. XXX why only in the v6 case??? */
if (r->rt == PF_FASTROUTE) {
if (s)
PF_STATE_UNLOCK(s);
m0->m_flags |= M_SKIP_FIREWALL;
ip6_output(m0, NULL, NULL, 0, NULL, NULL, NULL);
*m = NULL;
return;
}
if (TAILQ_EMPTY(&r->rpool.list)) { if (TAILQ_EMPTY(&r->rpool.list)) {
DPFPRINTF(PF_DEBUG_URGENT, DPFPRINTF(PF_DEBUG_URGENT,
("%s: TAILQ_EMPTY(&r->rpool.list)\n", __func__)); ("%s: TAILQ_EMPTY(&r->rpool.list)\n", __func__));
goto bad_locked; goto bad_locked;
} }
if (s == NULL) { if (s == NULL) {
pf_map_addr(AF_INET6, r, (struct pf_addr *)&ip6->ip6_src, pf_map_addr(AF_INET6, r, (struct pf_addr *)&ip6->ip6_src,
▲ Show 20 LinesShow All 1,011 LinesShow Last 20 Lines