authorJun-ichiro itojun Hagino <itojun@cvs.openbsd.org>2004-07-11 15:54:22 +0000
committerJun-ichiro itojun Hagino <itojun@cvs.openbsd.org>2004-07-11 15:54:22 +0000
commit69edafdc30c0ede2371b0e711aa7ed6491d40f2d (patch)
tree00bee63a80d93ebd3c1162759a7813f1abb23125 /sys/net/pf.c
parent9ea5f5267fff4f5b644f6f036261763f4baac8db (diff)
backout IPv6 reass-on-scrub patch (more work needs to be done).
requested by deraadt
Diffstat (limited to 'sys/net/pf.c')
-rw-r--r--sys/net/pf.c105
1 files changed, 11 insertions, 94 deletions
diff --git a/sys/net/pf.c b/sys/net/pf.c
index 1f5a2f3cae5..248b5df7e3e 100644
--- a/sys/net/pf.c
+++ b/sys/net/pf.c
@@ -1,4 +1,4 @@
-/* $OpenBSD: pf.c,v 1.456 2004/06/25 11:04:03 itojun Exp $ */
+/* $OpenBSD: pf.c,v 1.457 2004/07/11 15:54:21 itojun Exp $ */
/*
* Copyright (c) 2001 Daniel Hartmeier
@@ -53,7 +53,6 @@
#include <net/if_types.h>
#include <net/bpf.h>
#include <net/route.h>
-#include <net/netisr.h>
#include <netinet/in.h>
#include <netinet/in_var.h>
@@ -1301,7 +1300,7 @@ pf_send_tcp(const struct pf_rule *r, sa_family_t af,
if (m == NULL)
return;
if (tag) {
- struct m_tag *mtag;
+ struct m_tag *mtag;
mtag = m_tag_get(PACKET_TAG_PF_GENERATED, 0, M_NOWAIT);
if (mtag == NULL) {
@@ -5681,8 +5680,7 @@ pf_test6(int dir, struct ifnet *ifp, struct mbuf **m0,
{
struct pfi_kif *kif;
u_short action, reason = 0, log = 0;
- struct mbuf *m = *m0, *n;
- struct mbuf *frag;
+ struct mbuf *m = *m0;
struct ip6_hdr *h;
struct pf_rule *a = NULL, *r = &pf_default_rule, *tr, *nr;
struct pf_state *s = NULL;
@@ -5711,26 +5709,11 @@ pf_test6(int dir, struct ifnet *ifp, struct mbuf **m0,
goto done;
}
- /*
- * We do IP header normalization and packet reassembly here.
- * due to KAME mbuf handling rule, pf_normalize_ip6 may lose mbuf,
- * so keep a copy here.
- */
- frag = NULL;
- n = m_copym(*m0, 0, M_COPYALL, M_DONTWAIT);
- m = *m0;
- if (pf_normalize_ip6(m0, dir, kif, &reason, &pd, &frag) != PF_PASS) {
+ /* We do IP header normalization and packet reassembly here */
+ if (pf_normalize_ip6(m0, dir, kif, &reason, &pd) != PF_PASS) {
action = PF_DROP;
- if (!*m0)
- *m0 = n;
- else
- m_freem(n);
goto done;
}
- if (!*m0)
- *m0 = n;
- else
- m_freem(n);
m = *m0;
h = mtod(m, struct ip6_hdr *);
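Review bot: The restored comment above the `pf_normalize_ip6()` call still says "packet reassembly", although the commit message says IPv6 reassembly is what is being backed out, and the `IPPROTO_FRAGMENT` case added further down hands fragments to `pf_test_fragment()` instead. I would word it `/* We do IP header normalization here; IPv6 fragments are not reassembled */` so that nobody reading the later code assumes it sees whole packets. The removed lines also restored `*m0` when the call had consumed the mbuf; the new code goes straight to `m = *m0` and `mtod(m, ...)`, which is safe only if this version of pf_normalize_ip6() never leaves `*m0` NULL when it returns PF_PASS. That is not visible here and is worth confirming. pf_test6's body starts and ends outside this hunk.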
@@ -5747,6 +5730,12 @@ pf_test6(int dir, struct ifnet *ifp, struct mbuf **m0,
pd.proto = h->ip6_nxt;
do {
switch (pd.proto) {
+ case IPPROTO_FRAGMENT:
+ action = pf_test_fragment(&r, dir, kif, m, h,
+ &pd, &a, &ruleset);
+ if (action == PF_DROP)
+ REASON_SET(&reason, PFRES_FRAG);
+ goto done;
case IPPROTO_AH:
case IPPROTO_HOPOPTS:
case IPPROTO_ROUTING:
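Review bot: The new `IPPROTO_FRAGMENT` case leaves through `goto done` with whatever `pf_test_fragment()` returned, so for a fragmented IPv6 packet nothing after the extension-header walk runs and the verdict rests on that one call. This is a filtering-policy consequence that deserves a comment at the case, for example `/* fragments are not reassembled: verdict is pf_test_fragment()'s alone, no upper-layer (port/flag) matching */`. Presumably pf_test_fragment() only matches rules that need no transport header, but its definition is not in this diff, so that should be checked before relying on it. The surrounding `switch` and `do` loop continue outside this hunk.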
@@ -5771,7 +5760,6 @@ pf_test6(int dir, struct ifnet *ifp, struct mbuf **m0,
/* goto the next header */
break;
}
- case IPPROTO_FRAGMENT:
default:
terminal++;
break;
@@ -5999,77 +5987,6 @@ done:
/* pf_route6 can free the mbuf causing *m0 to become NULL */
pf_route6(m0, r, dir, ifp, s);
- /*
- * it's the tricky part - how to return value is different by caller
- */
- switch (dir) {
- case PF_IN:
- if (frag) {
- int s;
- struct mbuf *q, *r;
- struct m_tag *mtag;
-
- if (action != PF_PASS) {
- for (q = frag; q; q = r) {
- r = q->m_nextpkt;
- q->m_nextpkt = NULL;
- m_freem(q);
- q = NULL;
- }
- return (action);
- }
-
- for (q = frag; q; q = r) {
- r = q->m_nextpkt;
- q->m_nextpkt = NULL;
-
- mtag = m_tag_get(PACKET_TAG_PF_FRAGCACHE,
- 0, M_NOWAIT);
- if (mtag == NULL) {
- s = splimp();
- IF_DROP(&ip6intrq);
- splx(s);
- m_freem(q);
- q = NULL;
- continue;
- }
- m_tag_prepend(q, mtag);
-
- s = splimp();
- IF_ENQUEUE(&ip6intrq, q);
- q = NULL;
- splx(s);
- }
- schednetisr(NETISR_IPV6);
-
- m_freem(*m0);
- *m0 = NULL;
- }
- return (PF_PASS);
-
- case PF_OUT:
- if (frag) {
- struct mbuf *q, *r;
- for (q = frag; q; q = r) {
- r = q->m_nextpkt;
- q->m_nextpkt = NULL;
- m_freem(q);
- q = NULL;
- }
- }
- break;
-
- case PF_FORWARD:
- if (action == PF_PASS) {
- if (frag) {
- m_freem(*m0);
- *m0 = NULL;
- *m0 = frag;
- } else
- (*m0)->m_nextpkt = NULL;
- }
- break;
- }
return (action);
}
#endif /* INET6 */