Changeset View
Changeset View
Standalone View
Standalone View
sys/netpfil/pf/pf_norm.c
| Show First 20 Lines • Show All 128 Lines • ▼ Show 20 Lines | |||||
| static int pf_frag_compare(struct pf_fragment *, | static int pf_frag_compare(struct pf_fragment *, | ||||
| struct pf_fragment *); | struct pf_fragment *); | ||||
| static RB_PROTOTYPE(pf_frag_tree, pf_fragment, fr_entry, pf_frag_compare); | static RB_PROTOTYPE(pf_frag_tree, pf_fragment, fr_entry, pf_frag_compare); | ||||
| static RB_GENERATE(pf_frag_tree, pf_fragment, fr_entry, pf_frag_compare); | static RB_GENERATE(pf_frag_tree, pf_fragment, fr_entry, pf_frag_compare); | ||||
| static void pf_flush_fragments(void); | static void pf_flush_fragments(void); | ||||
| static void pf_free_fragment(struct pf_fragment *); | static void pf_free_fragment(struct pf_fragment *); | ||||
| static void pf_remove_fragment(struct pf_fragment *); | static void pf_remove_fragment(struct pf_fragment *); | ||||
| static int pf_normalize_tcpopt(struct pf_rule *, struct mbuf *, | static int pf_normalize_tcpopt(struct pf_krule *, struct mbuf *, | ||||
| struct tcphdr *, int, sa_family_t); | struct tcphdr *, int, sa_family_t); | ||||
| static struct pf_frent *pf_create_fragment(u_short *); | static struct pf_frent *pf_create_fragment(u_short *); | ||||
| static int pf_frent_holes(struct pf_frent *frent); | static int pf_frent_holes(struct pf_frent *frent); | ||||
| static struct pf_fragment *pf_find_fragment(struct pf_fragment_cmp *key, | static struct pf_fragment *pf_find_fragment(struct pf_fragment_cmp *key, | ||||
| struct pf_frag_tree *tree); | struct pf_frag_tree *tree); | ||||
| static inline int pf_frent_index(struct pf_frent *); | static inline int pf_frent_index(struct pf_frent *); | ||||
| static int pf_frent_insert(struct pf_fragment *, | static int pf_frent_insert(struct pf_fragment *, | ||||
| struct pf_frent *, struct pf_frent *); | struct pf_frent *, struct pf_frent *); | ||||
| ▲ Show 20 Lines • Show All 846 Lines • ▼ Show 20 Lines | |||||
| #endif /* INET6 */ | #endif /* INET6 */ | ||||
| #ifdef INET | #ifdef INET | ||||
| int | int | ||||
| pf_normalize_ip(struct mbuf **m0, int dir, struct pfi_kif *kif, u_short *reason, | pf_normalize_ip(struct mbuf **m0, int dir, struct pfi_kif *kif, u_short *reason, | ||||
| struct pf_pdesc *pd) | struct pf_pdesc *pd) | ||||
| { | { | ||||
| struct mbuf *m = *m0; | struct mbuf *m = *m0; | ||||
| struct pf_rule *r; | struct pf_krule *r; | ||||
| struct ip *h = mtod(m, struct ip *); | struct ip *h = mtod(m, struct ip *); | ||||
| int mff = (ntohs(h->ip_off) & IP_MF); | int mff = (ntohs(h->ip_off) & IP_MF); | ||||
| int hlen = h->ip_hl << 2; | int hlen = h->ip_hl << 2; | ||||
| u_int16_t fragoff = (ntohs(h->ip_off) & IP_OFFMASK) << 3; | u_int16_t fragoff = (ntohs(h->ip_off) & IP_OFFMASK) << 3; | ||||
| u_int16_t max; | u_int16_t max; | ||||
| int ip_len; | int ip_len; | ||||
| int ip_off; | int ip_off; | ||||
| int tag = -1; | int tag = -1; | ||||
| ▲ Show 20 Lines • Show All 124 Lines • ▼ Show 20 Lines | |||||
| #endif | #endif | ||||
| #ifdef INET6 | #ifdef INET6 | ||||
| int | int | ||||
| pf_normalize_ip6(struct mbuf **m0, int dir, struct pfi_kif *kif, | pf_normalize_ip6(struct mbuf **m0, int dir, struct pfi_kif *kif, | ||||
| u_short *reason, struct pf_pdesc *pd) | u_short *reason, struct pf_pdesc *pd) | ||||
| { | { | ||||
| struct mbuf *m = *m0; | struct mbuf *m = *m0; | ||||
| struct pf_rule *r; | struct pf_krule *r; | ||||
| struct ip6_hdr *h = mtod(m, struct ip6_hdr *); | struct ip6_hdr *h = mtod(m, struct ip6_hdr *); | ||||
| int extoff; | int extoff; | ||||
| int off; | int off; | ||||
| struct ip6_ext ext; | struct ip6_ext ext; | ||||
| struct ip6_opt opt; | struct ip6_opt opt; | ||||
| struct ip6_frag frag; | struct ip6_frag frag; | ||||
| u_int32_t plen; | u_int32_t plen; | ||||
| int optend; | int optend; | ||||
| ▲ Show 20 Lines • Show All 143 Lines • ▼ Show 20 Lines | drop: | ||||
| return (PF_DROP); | return (PF_DROP); | ||||
| } | } | ||||
| #endif /* INET6 */ | #endif /* INET6 */ | ||||
| int | int | ||||
| pf_normalize_tcp(int dir, struct pfi_kif *kif, struct mbuf *m, int ipoff, | pf_normalize_tcp(int dir, struct pfi_kif *kif, struct mbuf *m, int ipoff, | ||||
| int off, void *h, struct pf_pdesc *pd) | int off, void *h, struct pf_pdesc *pd) | ||||
| { | { | ||||
| struct pf_rule *r, *rm = NULL; | struct pf_krule *r, *rm = NULL; | ||||
| struct tcphdr *th = pd->hdr.tcp; | struct tcphdr *th = pd->hdr.tcp; | ||||
| int rewrite = 0; | int rewrite = 0; | ||||
| u_short reason; | u_short reason; | ||||
| u_int8_t flags; | u_int8_t flags; | ||||
| sa_family_t af = pd->af; | sa_family_t af = pd->af; | ||||
| PF_RULES_RASSERT(); | PF_RULES_RASSERT(); | ||||
| ▲ Show 20 Lines • Show All 586 Lines • ▼ Show 20 Lines | if (got_ts && src->scrub && PFSS_TIMESTAMP == (src->scrub->pfss_flags & | ||||
| } | } | ||||
| } | } | ||||
| /* I have a dream.... TCP segment reassembly.... */ | /* I have a dream.... TCP segment reassembly.... */ | ||||
| return (0); | return (0); | ||||
| } | } | ||||
| static int | static int | ||||
| pf_normalize_tcpopt(struct pf_rule *r, struct mbuf *m, struct tcphdr *th, | pf_normalize_tcpopt(struct pf_krule *r, struct mbuf *m, struct tcphdr *th, | ||||
| int off, sa_family_t af) | int off, sa_family_t af) | ||||
| { | { | ||||
| u_int16_t *mss; | u_int16_t *mss; | ||||
| int thoff; | int thoff; | ||||
| int opt, cnt, optlen = 0; | int opt, cnt, optlen = 0; | ||||
| int rewrite = 0; | int rewrite = 0; | ||||
| u_char opts[TCP_MAXOLEN]; | u_char opts[TCP_MAXOLEN]; | ||||
| u_char *optp = opts; | u_char *optp = opts; | ||||
| ▲ Show 20 Lines • Show All 102 Lines • Show Last 20 Lines | |||||