summaryrefslogtreecommitdiff
path: root/sys/net/pf.c
diff options
context:
space:
mode:
authorCedric Berger <cedric@cvs.openbsd.org>2004-06-06 16:49:10 +0000
committerCedric Berger <cedric@cvs.openbsd.org>2004-06-06 16:49:10 +0000
commit9e25ab1fcd3c8a3b75b6ae3c7ca26a172a86d2e8 (patch)
tree021044703db486221cd747d714184ece1513b162 /sys/net/pf.c
parentac4791c970556454694a0c9ab754ea95de5b9bc1 (diff)
extend routing table to be able to match and route packets based on
their *source* IP address in addition to their destination address. routing table "destination" now contains a "struct sockaddr_rtin" for IPv4 instead of a "struct sockaddr_in". the routing socket has been extended in a backward-compatible way. todo: PMTU enhancements, IPv6. ok deraadt@ mcbride@
Diffstat (limited to 'sys/net/pf.c')
-rw-r--r--sys/net/pf.c28
1 files changed, 16 insertions, 12 deletions
diff --git a/sys/net/pf.c b/sys/net/pf.c
index 12cff3c1ef8..0eead2874af 100644
--- a/sys/net/pf.c
+++ b/sys/net/pf.c
@@ -1,4 +1,4 @@
-/* $OpenBSD: pf.c,v 1.449 2004/05/19 17:50:51 dhartmei Exp $ */
+/* $OpenBSD: pf.c,v 1.450 2004/06/06 16:49:08 cedric Exp $ */
/*
* Copyright (c) 2001 Daniel Hartmeier
@@ -199,8 +199,8 @@ u_int8_t pf_get_wscale(struct mbuf *, int, u_int16_t,
sa_family_t);
u_int16_t pf_get_mss(struct mbuf *, int, u_int16_t,
sa_family_t);
-u_int16_t pf_calc_mss(struct pf_addr *, sa_family_t,
- u_int16_t);
+u_int16_t pf_calc_mss(struct pf_addr *, struct pf_addr *,
+ sa_family_t, u_int16_t);
void pf_set_rt_ifp(struct pf_state *,
struct pf_addr *);
int pf_check_proto_cksum(struct mbuf *, int, int,
@@ -2415,10 +2415,11 @@ pf_get_mss(struct mbuf *m, int off, u_int16_t th_off, sa_family_t af)
}
u_int16_t
-pf_calc_mss(struct pf_addr *addr, sa_family_t af, u_int16_t offer)
+pf_calc_mss(struct pf_addr *saddr, struct pf_addr *daddr, sa_family_t af,
+ u_int16_t offer)
{
#ifdef INET
- struct sockaddr_in *dst;
+ struct sockaddr_rtin *dst;
struct route ro;
#endif /* INET */
#ifdef INET6
@@ -2434,10 +2435,11 @@ pf_calc_mss(struct pf_addr *addr, sa_family_t af, u_int16_t offer)
case AF_INET:
hlen = sizeof(struct ip);
bzero(&ro, sizeof(ro));
- dst = (struct sockaddr_in *)&ro.ro_dst;
- dst->sin_family = AF_INET;
- dst->sin_len = sizeof(*dst);
- dst->sin_addr = addr->v4;
+ dst = satortin(&ro.ro_dst);
+ dst->rtin_family = AF_INET;
+ dst->rtin_len = sizeof(*dst);
+ dst->rtin_dst = daddr->v4;
+ dst->rtin_src = saddr->v4;
rtalloc_noclone(&ro, NO_CLONING);
rt = ro.ro_rt;
break;
@@ -2449,7 +2451,7 @@ pf_calc_mss(struct pf_addr *addr, sa_family_t af, u_int16_t offer)
dst6 = (struct sockaddr_in6 *)&ro6.ro_dst;
dst6->sin6_family = AF_INET6;
dst6->sin6_len = sizeof(*dst6);
- dst6->sin6_addr = addr->v6;
+ dst6->sin6_addr = daddr->v6;
rtalloc_noclone((struct route *)&ro6, NO_CLONING);
rt = ro6.ro_rt;
break;
@@ -2838,8 +2840,8 @@ cleanup:
s->src.seqhi = htonl(arc4random());
/* Find mss option */
mss = pf_get_mss(m, off, th->th_off, af);
- mss = pf_calc_mss(saddr, af, mss);
- mss = pf_calc_mss(daddr, af, mss);
+ mss = pf_calc_mss(saddr, daddr, af, mss);
+ mss = pf_calc_mss(daddr, saddr, af, mss);
s->src.mss = mss;
pf_send_tcp(r, af, daddr, saddr, th->th_dport,
th->th_sport, s->src.seqhi, ntohl(th->th_seq) + 1,
@@ -4999,7 +5001,9 @@ pf_route(struct mbuf **m, struct pf_rule *r, int dir, struct ifnet *oifp,
dst->sin_addr = ip->ip_dst;
if (r->rt == PF_FASTROUTE) {
+ satortin(&ro->ro_dst)->rtin_src = ip->ip_src;
rtalloc(ro);
+ satortin(&ro->ro_dst)->rtin_src.s_addr = 0;
if (ro->ro_rt == 0) {
ipstat.ips_noroute++;
goto bad;