Changeset View
Changeset View
Standalone View
Standalone View
sys/netgraph/ng_ipfw.c
Show First 20 Lines • Show All 227 Lines • ▼ Show 20 Lines | |||||
static int | static int | ||||
ng_ipfw_rcvdata(hook_p hook, item_p item) | ng_ipfw_rcvdata(hook_p hook, item_p item) | ||||
{ | { | ||||
struct m_tag *tag; | struct m_tag *tag; | ||||
struct ipfw_rule_ref *r; | struct ipfw_rule_ref *r; | ||||
struct mbuf *m; | struct mbuf *m; | ||||
struct ip *ip; | struct ip *ip; | ||||
struct epoch_tracker et; | |||||
int ret; | |||||
ret = 0; | |||||
NGI_GET_M(item, m); | NGI_GET_M(item, m); | ||||
NG_FREE_ITEM(item); | NG_FREE_ITEM(item); | ||||
tag = m_tag_locate(m, MTAG_IPFW_RULE, 0, NULL); | tag = m_tag_locate(m, MTAG_IPFW_RULE, 0, NULL); | ||||
if (tag == NULL) { | if (tag == NULL) { | ||||
NG_FREE_M(m); | NG_FREE_M(m); | ||||
return (EINVAL); /* XXX: find smth better */ | return (EINVAL); /* XXX: find smth better */ | ||||
} | } | ||||
if (m->m_len < sizeof(struct ip) && | if (m->m_len < sizeof(struct ip) && | ||||
(m = m_pullup(m, sizeof(struct ip))) == NULL) | (m = m_pullup(m, sizeof(struct ip))) == NULL) | ||||
return (ENOBUFS); | return (ENOBUFS); | ||||
ip = mtod(m, struct ip *); | ip = mtod(m, struct ip *); | ||||
r = (struct ipfw_rule_ref *)(tag + 1); | r = (struct ipfw_rule_ref *)(tag + 1); | ||||
if (r->info & IPFW_INFO_IN) { | |||||
switch (ip->ip_v) { | switch (ip->ip_v) { | ||||
#ifdef INET | #ifdef INET | ||||
case IPVERSION: | case IPVERSION: | ||||
NET_EPOCH_ENTER(et); | |||||
if (r->info & IPFW_INFO_IN) | |||||
ip_input(m); | ip_input(m); | ||||
return (0); | else | ||||
ret = ip_output(m, NULL, NULL, IP_FORWARDING, NULL, | |||||
NULL); | |||||
NET_EPOCH_EXIT(et); | |||||
return (ret); | |||||
#endif | #endif | ||||
#ifdef INET6 | #ifdef INET6 | ||||
case IPV6_VERSION >> 4: | case IPV6_VERSION >> 4: | ||||
NET_EPOCH_ENTER(et); | |||||
if (r->info & IPFW_INFO_IN) | |||||
ip6_input(m); | ip6_input(m); | ||||
return (0); | else | ||||
ret = ip6_output(m, NULL, NULL, 0, NULL, NULL, NULL); | |||||
NET_EPOCH_EXIT(et); | |||||
return (ret); | |||||
#endif | #endif | ||||
} | default: | ||||
} else { | |||||
switch (ip->ip_v) { | |||||
#ifdef INET | |||||
case IPVERSION: | |||||
return (ip_output(m, NULL, NULL, IP_FORWARDING, | |||||
NULL, NULL)); | |||||
#endif | |||||
#ifdef INET6 | |||||
case IPV6_VERSION >> 4: | |||||
return (ip6_output(m, NULL, NULL, 0, NULL, | |||||
NULL, NULL)); | |||||
#endif | |||||
} | |||||
} | |||||
/* unknown IP protocol version */ | /* unknown IP protocol version */ | ||||
NG_FREE_M(m); | NG_FREE_M(m); | ||||
return (EPROTONOSUPPORT); | return (EPROTONOSUPPORT); | ||||
} | |||||
} | } | ||||
static int | static int | ||||
ng_ipfw_input(struct mbuf **m0, struct ip_fw_args *fwa, bool tee) | ng_ipfw_input(struct mbuf **m0, struct ip_fw_args *fwa, bool tee) | ||||
{ | { | ||||
struct mbuf *m; | struct mbuf *m; | ||||
hook_p hook; | hook_p hook; | ||||
int error = 0; | int error = 0; | ||||
▲ Show 20 Lines • Show All 69 Lines • Show Last 20 Lines |