sys/netpfil/pf/pf.c
Show First 20 Lines • Show All 6,147 Lines • ▼ Show 20 Lines | #endif /* ALTQ */ | ||||
* connections redirected to loopback should not match sockets | * connections redirected to loopback should not match sockets | ||||
* bound specifically to loopback due to security implications, | * bound specifically to loopback due to security implications, | ||||
* see tcp_input() and in_pcblookup_listen(). | * see tcp_input() and in_pcblookup_listen(). | ||||
*/ | */ | ||||
if (dir == PF_IN && action == PF_PASS && (pd.proto == IPPROTO_TCP || | if (dir == PF_IN && action == PF_PASS && (pd.proto == IPPROTO_TCP || | ||||
pd.proto == IPPROTO_UDP) && s != NULL && s->nat_rule.ptr != NULL && | pd.proto == IPPROTO_UDP) && s != NULL && s->nat_rule.ptr != NULL && | ||||
(s->nat_rule.ptr->action == PF_RDR || | (s->nat_rule.ptr->action == PF_RDR || | ||||
s->nat_rule.ptr->action == PF_BINAT) && | s->nat_rule.ptr->action == PF_BINAT) && | ||||
(ntohl(pd.dst->v4.s_addr) >> IN_CLASSA_NSHIFT) == IN_LOOPBACKNET) | IN_LOOPBACK(ntohl(pd.dst->v4.s_addr))) | ||||
m->m_flags |= M_SKIP_FIREWALL; | m->m_flags |= M_SKIP_FIREWALL; | ||||
if (action == PF_PASS && r->divert.port && ip_divert_ptr != NULL && | if (action == PF_PASS && r->divert.port && ip_divert_ptr != NULL && | ||||
!PACKET_LOOPED(&pd)) { | !PACKET_LOOPED(&pd)) { | ||||
ipfwtag = m_tag_alloc(MTAG_IPFW_RULE, 0, | ipfwtag = m_tag_alloc(MTAG_IPFW_RULE, 0, | ||||
sizeof(struct ipfw_rule_ref), M_NOWAIT | M_ZERO); | sizeof(struct ipfw_rule_ref), M_NOWAIT | M_ZERO); | ||||
if (ipfwtag != NULL) { | if (ipfwtag != NULL) { | ||||
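Review bot: The rewritten test `IN_LOOPBACK(ntohl(pd.dst->v4.s_addr))` now takes its address range from the macro's definition, while the comment above it cites security implications without saying which range is meant. If IN_LOOPBACK in this tree accepts anything other than the former fixed 127/8 comparison, redirected connections to addresses outside that range would no longer be marked M_SKIP_FIREWALL, so it is worth confirming the two forms are equivalent or that the difference is intended. I would record this in the comment, for example `* "Loopback" here means whatever IN_LOOPBACK() accepts; it takes a host-order address, hence the ntohl().` The enclosing function starts and ends outside the visible lines, so whether `pd.dst` is guaranteed to hold an IPv4 address at this point cannot be confirmed from this section.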