sys/netpfil/pf/pf.c
#include <sys/interrupt.h> | #include <sys/interrupt.h> | ||||
#include <sys/kernel.h> | #include <sys/kernel.h> | ||||
#include <sys/kthread.h> | #include <sys/kthread.h> | ||||
#include <sys/limits.h> | #include <sys/limits.h> | ||||
#include <sys/mbuf.h> | #include <sys/mbuf.h> | ||||
#include <sys/md5.h> | #include <sys/md5.h> | ||||
#include <sys/random.h> | #include <sys/random.h> | ||||
#include <sys/refcount.h> | #include <sys/refcount.h> | ||||
#include <sys/sdt.h> | |||||
#include <sys/socket.h> | #include <sys/socket.h> | ||||
#include <sys/sysctl.h> | #include <sys/sysctl.h> | ||||
#include <sys/taskqueue.h> | #include <sys/taskqueue.h> | ||||
#include <sys/ucred.h> | #include <sys/ucred.h> | ||||
#include <net/if.h> | #include <net/if.h> | ||||
#include <net/if_var.h> | #include <net/if_var.h> | ||||
#include <net/if_types.h> | #include <net/if_types.h> | ||||
#include <netinet/sctp_crc32.h> | #include <netinet/sctp_crc32.h> | ||||
#endif | #endif | ||||
#include <machine/in_cksum.h> | #include <machine/in_cksum.h> | ||||
#include <security/mac/mac_framework.h> | #include <security/mac/mac_framework.h> | ||||
#define DPFPRINTF(n, x) if (V_pf_status.debug >= (n)) printf x | #define DPFPRINTF(n, x) if (V_pf_status.debug >= (n)) printf x | ||||
SDT_PROVIDER_DEFINE(pf); | |||||
SDT_PROBE_DEFINE4(pf, ip, test, done, "int", "int", "struct pf_krule *", | |||||
"struct pf_state *"); | |||||
SDT_PROBE_DEFINE4(pf, ip, test6, done, "int", "int", "struct pf_krule *", | |||||
"struct pf_state *"); | |||||
SDT_PROBE_DEFINE5(pf, ip, state, lookup, "struct pfi_kkif *", | |||||
"struct pf_state_key_cmp *", "int", "struct pf_pdesc *", | |||||
"struct pf_state *"); | |||||
/* | /* | ||||
* Global variables | * Global variables | ||||
*/ | */ | ||||
/* state tables */ | /* state tables */ | ||||
VNET_DEFINE(struct pf_altqqueue, pf_altqs[4]); | VNET_DEFINE(struct pf_altqqueue, pf_altqs[4]); | ||||
VNET_DEFINE(struct pf_kpalist, pf_pabuf); | VNET_DEFINE(struct pf_kpalist, pf_pabuf); | ||||
VNET_DEFINE(struct pf_altqqueue *, pf_altqs_active); | VNET_DEFINE(struct pf_altqqueue *, pf_altqs_active); | ||||
VNET_DEFINE(struct pf_limit, pf_limits[PF_LIMIT_MAX]); | VNET_DEFINE(struct pf_limit, pf_limits[PF_LIMIT_MAX]); | ||||
#define PACKET_LOOPED(pd) ((pd)->pf_mtag && \ | #define PACKET_LOOPED(pd) ((pd)->pf_mtag && \ | ||||
(pd)->pf_mtag->flags & PF_PACKET_LOOPED) | (pd)->pf_mtag->flags & PF_PACKET_LOOPED) | ||||
#define STATE_LOOKUP(i, k, d, s, pd) \ | #define STATE_LOOKUP(i, k, d, s, pd) \ | ||||
do { \ | do { \ | ||||
(s) = pf_find_state((i), (k), (d)); \ | (s) = pf_find_state((i), (k), (d)); \ | ||||
SDT_PROBE5(pf, ip, state, lookup, i, k, d, pd, (s)); \ | |||||
if ((s) == NULL) \ | if ((s) == NULL) \ | ||||
return (PF_DROP); \ | return (PF_DROP); \ | ||||
if (PACKET_LOOPED(pd)) \ | if (PACKET_LOOPED(pd)) \ | ||||
return (PF_PASS); \ | return (PF_PASS); \ | ||||
if ((d) == PF_OUT && \ | if ((d) == PF_OUT && \ | ||||
(((s)->rule.ptr->rt == PF_ROUTETO && \ | (((s)->rule.ptr->rt == PF_ROUTETO && \ | ||||
(s)->rule.ptr->direction == PF_OUT) || \ | (s)->rule.ptr->direction == PF_OUT) || \ | ||||
((s)->rule.ptr->rt == PF_REPLYTO && \ | ((s)->rule.ptr->rt == PF_REPLYTO && \ | ||||
▲ Show 20 Lines • Show All 5,976 Lines • ▼ Show 20 Lines | if (r->rt) { | ||||
pf_route(m0, r, dir, kif->pfik_ifp, s, &pd, inp); | pf_route(m0, r, dir, kif->pfik_ifp, s, &pd, inp); | ||||
return (action); | return (action); | ||||
} | } | ||||
break; | break; | ||||
} | } | ||||
if (s) | if (s) | ||||
PF_STATE_UNLOCK(s); | PF_STATE_UNLOCK(s); | ||||
SDT_PROBE4(pf, ip, test, done, action, reason, r, s); | |||||
return (action); | return (action); | ||||
} | } | ||||
#endif /* INET */ | #endif /* INET */ | ||||
#ifdef INET6 | #ifdef INET6 | ||||
int | int | ||||
pf_test6(int dir, int pflags, struct ifnet *ifp, struct mbuf **m0, struct inpcb *inp) | pf_test6(int dir, int pflags, struct ifnet *ifp, struct mbuf **m0, struct inpcb *inp) | ||||
{ | { | ||||
▲ Show 20 Lines • Show All 391 Lines • ▼ Show 20 Lines | #endif /* ALTQ */ | ||||
if (s) | if (s) | ||||
PF_STATE_UNLOCK(s); | PF_STATE_UNLOCK(s); | ||||
/* If reassembled packet passed, create new fragments. */ | /* If reassembled packet passed, create new fragments. */ | ||||
if (action == PF_PASS && *m0 && (pflags & PFIL_FWD) && | if (action == PF_PASS && *m0 && (pflags & PFIL_FWD) && | ||||
(mtag = m_tag_find(m, PF_REASSEMBLED, NULL)) != NULL) | (mtag = m_tag_find(m, PF_REASSEMBLED, NULL)) != NULL) | ||||
action = pf_refragment6(ifp, m0, mtag); | action = pf_refragment6(ifp, m0, mtag); | ||||
SDT_PROBE4(pf, ip, test6, done, action, reason, r, s); | |||||
return (action); | return (action); | ||||
} | } | ||||
#endif /* INET6 */ | #endif /* INET6 */ |
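Review bot: The `SDT_PROBE4(pf, ip, test, done, action, reason, r, s)` call in pf_test sits after `PF_STATE_UNLOCK(s)`, so a consumer that reads through the state argument does so with the state lock already dropped, and pf_test6 has the same ordering; moving the probe above the `if (s)` unlock would hand the script a state that is still locked. The `if (r->rt) { pf_route(...); return (action); }` branch just above returns before the probe, so route-to packets would never reach `test:done`, which is a blind spot for anyone using the probe to audit verdicts; either fire the probe before that return or document the gap with a comment such as `/* route-to packets return early and do not fire pf:ip:test:done */`. In STATE_LOOKUP the probe passes `i, k, d, pd` unparenthesized while the rest of the macro writes `(i)`, `(k)`, `(d)`. This assumes the single-column SDT lines are the added side, which the rendering here does not make explicit, and both function bodies are largely folded out of view.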