Changeset View
Changeset View
Standalone View
Standalone View
sys/netinet/ip_fastfwd.c
| Show First 20 Lines • Show All 84 Lines • ▼ Show 20 Lines | |||||
| #include <sys/kernel.h> | #include <sys/kernel.h> | ||||
| #include <sys/malloc.h> | #include <sys/malloc.h> | ||||
| #include <sys/mbuf.h> | #include <sys/mbuf.h> | ||||
| #include <sys/protosw.h> | #include <sys/protosw.h> | ||||
| #include <sys/sdt.h> | #include <sys/sdt.h> | ||||
| #include <sys/socket.h> | #include <sys/socket.h> | ||||
| #include <sys/sysctl.h> | #include <sys/sysctl.h> | ||||
| #include <net/pfil.h> | |||||
| #include <net/if.h> | #include <net/if.h> | ||||
| #include <net/if_types.h> | #include <net/if_types.h> | ||||
| #include <net/if_var.h> | #include <net/if_var.h> | ||||
| #include <net/if_dl.h> | #include <net/if_dl.h> | ||||
| #include <net/pfil.h> | |||||
| #include <net/route.h> | #include <net/route.h> | ||||
| #include <net/vnet.h> | #include <net/vnet.h> | ||||
| #include <netinet/in.h> | #include <netinet/in.h> | ||||
| #include <netinet/in_fib.h> | #include <netinet/in_fib.h> | ||||
| #include <netinet/in_kdtrace.h> | #include <netinet/in_kdtrace.h> | ||||
| #include <netinet/in_systm.h> | #include <netinet/in_systm.h> | ||||
| #include <netinet/in_var.h> | #include <netinet/in_var.h> | ||||
| ▲ Show 20 Lines • Show All 117 Lines • ▼ Show 20 Lines | #endif | ||||
| * Step 3: incoming packet firewall processing | * Step 3: incoming packet firewall processing | ||||
| */ | */ | ||||
| odest.s_addr = dest.s_addr = ip->ip_dst.s_addr; | odest.s_addr = dest.s_addr = ip->ip_dst.s_addr; | ||||
| /* | /* | ||||
| * Run through list of ipfilter hooks for input packets | * Run through list of ipfilter hooks for input packets | ||||
| */ | */ | ||||
| if (!PFIL_HOOKED(&V_inet_pfil_hook)) | if (!PFIL_HOOKED_IN(V_inet_pfil_head)) | ||||
| goto passin; | goto passin; | ||||
| if (pfil_run_hooks( | if (pfil_run_hooks(V_inet_pfil_head, &m, m->m_pkthdr.rcvif, PFIL_IN, | ||||
| &V_inet_pfil_hook, &m, m->m_pkthdr.rcvif, PFIL_IN, 0, NULL) || | NULL) != PFIL_PASS) | ||||
| m == NULL) | |||||
| goto drop; | goto drop; | ||||
| M_ASSERTVALID(m); | M_ASSERTVALID(m); | ||||
| M_ASSERTPKTHDR(m); | M_ASSERTPKTHDR(m); | ||||
| ip = mtod(m, struct ip *); /* m may have changed by pfil hook */ | ip = mtod(m, struct ip *); /* m may have changed by pfil hook */ | ||||
| dest.s_addr = ip->ip_dst.s_addr; | dest.s_addr = ip->ip_dst.s_addr; | ||||
| ▲ Show 20 Lines • Show All 71 Lines • ▼ Show 20 Lines | #endif | ||||
| /* | /* | ||||
| * Avoid second route lookup by caching destination. | * Avoid second route lookup by caching destination. | ||||
| */ | */ | ||||
| rtdest.s_addr = dest.s_addr; | rtdest.s_addr = dest.s_addr; | ||||
| /* | /* | ||||
| * Step 5: outgoing firewall packet processing | * Step 5: outgoing firewall packet processing | ||||
| */ | */ | ||||
| if (!PFIL_HOOKED(&V_inet_pfil_hook)) | if (!PFIL_HOOKED_OUT(V_inet_pfil_head)) | ||||
| goto passout; | goto passout; | ||||
| if (pfil_run_hooks(&V_inet_pfil_hook, &m, nh.nh_ifp, PFIL_OUT, PFIL_FWD, | if (pfil_run_hooks(V_inet_pfil_head, &m, nh.nh_ifp, | ||||
| NULL) || m == NULL) { | PFIL_OUT | PFIL_FWD, NULL) != PFIL_PASS) | ||||
| goto drop; | goto drop; | ||||
| } | |||||
| M_ASSERTVALID(m); | M_ASSERTVALID(m); | ||||
| M_ASSERTPKTHDR(m); | M_ASSERTPKTHDR(m); | ||||
| ip = mtod(m, struct ip *); | ip = mtod(m, struct ip *); | ||||
| dest.s_addr = ip->ip_dst.s_addr; | dest.s_addr = ip->ip_dst.s_addr; | ||||
| /* | /* | ||||
| ▲ Show 20 Lines • Show All 121 Lines • Show Last 20 Lines | |||||