diff options
| author | Alexander Bluhm <bluhm@cvs.openbsd.org> | 2012-02-03 01:57:52 +0000 |
|---|---|---|
| committer | Alexander Bluhm <bluhm@cvs.openbsd.org> | 2012-02-03 01:57:52 +0000 |
| commit | 7db48897cce8ee5c8aea0cef26e52cee71293a13 (patch) | |
| tree | e9855df1dd9691dab22065d52f0c942eb2870ec7 /sys/net | |
| parent | b792a6b30d468e00be88e2a767497628a8554234 (diff) | |
The kernel did not compile without INET6. Put some #ifdefs into
pf to fix that.
- add #ifdef INET6 in obvious places
- af translation is only possible with both INET and INET6
- interleave #endif /* INET6 */ and closing brace correctly
- it is not necessary to #ifdef function prototypes
- do not compile af translate functions at all instead of empty stub,
then the linker will report inconsistencies
- pf_poolmask() actually takes an sa_family_t not an u_int8_t argument
No binary change for GENERIC compiled with -O2 and -UDIAGNOSTIC.
reported by Olivier Cochard-Labbe; ok mikeb@ henning@
Diffstat (limited to 'sys/net')
| -rw-r--r-- | sys/net/if_pflog.c | 10 | ||||
| -rw-r--r-- | sys/net/if_pfsync.c | 4 | ||||
| -rw-r--r-- | sys/net/pf.c | 62 | ||||
| -rw-r--r-- | sys/net/pf_lb.c | 6 | ||||
| -rw-r--r-- | sys/net/pf_norm.c | 10 | ||||
| -rw-r--r-- | sys/net/pfvar.h | 6 |
6 files changed, 67 insertions, 31 deletions
diff --git a/sys/net/if_pflog.c b/sys/net/if_pflog.c index 5fbd26c8fd1..5521d2f6233 100644 --- a/sys/net/if_pflog.c +++ b/sys/net/if_pflog.c @@ -1,4 +1,4 @@ -/* $OpenBSD: if_pflog.c,v 1.48 2012/01/27 15:30:16 bluhm Exp $ */ +/* $OpenBSD: if_pflog.c,v 1.49 2012/02/03 01:57:50 bluhm Exp $ */ /* * The authors of this code are John Ioannidis (ji@tla.org), * Angelos D. Keromytis (kermit@csd.uch.gr) and @@ -331,10 +331,12 @@ pflog_bpfcopy(const void *src_arg, void *dst_arg, size_t len) m_inithdr(mhdr); mhdr->m_len = 0; /* XXX not done in m_inithdr() */ +#if INET && INET6 /* offset for a new header */ if (afto && pfloghdr->af == AF_INET) mhdr->m_data += sizeof(struct ip6_hdr) - sizeof(struct ip); +#endif /* INET && INET6 */ mdst = mtod(mhdr, char *); switch (pfloghdr->af) { @@ -351,6 +353,7 @@ pflog_bpfcopy(const void *src_arg, void *dst_arg, size_t len) mdst + sizeof(*h)); break; } +#ifdef INET6 case AF_INET6: { struct ip6_hdr *h; @@ -362,6 +365,7 @@ pflog_bpfcopy(const void *src_arg, void *dst_arg, size_t len) proto = h->ip6_nxt; break; } +#endif /* INET6 */ default: /* shouldn't happen ever :-) */ goto copy; @@ -409,10 +413,12 @@ pflog_bpfcopy(const void *src_arg, void *dst_arg, size_t len) pfloghdr->dir))) { m_copyback(pd.m, pd.off, min(pd.m->m_len - pd.off, pd.hdrlen), pd.hdr.any, M_NOWAIT); +#if INET && INET6 if (afto) { PF_ACPY(&pd.nsaddr, &pfloghdr->saddr, pd.naf); PF_ACPY(&pd.ndaddr, &pfloghdr->daddr, pd.naf); } +#endif /* INET && INET6 */ PF_ACPY(&pfloghdr->saddr, &osaddr, pd.af); PF_ACPY(&pfloghdr->daddr, &odaddr, pd.af); pfloghdr->sport = osport; @@ -422,8 +428,10 @@ pflog_bpfcopy(const void *src_arg, void *dst_arg, size_t len) pd.tot_len = min(pd.tot_len, len); pd.tot_len -= pd.m->m_data - pd.m->m_pktdat; +#if INET && INET6 if (afto && pfloghdr->rewritten) pf_translate_af(&pd); +#endif /* INET && INET6 */ m = pd.m; copy: diff --git a/sys/net/if_pfsync.c b/sys/net/if_pfsync.c index d3b1e43f41c..ad3193e3cc2 100644 --- a/sys/net/if_pfsync.c +++ b/sys/net/if_pfsync.c @@ -1,4 +1,4 @@ -/* $OpenBSD: if_pfsync.c,v 1.180 2012/01/16 10:28:02 mikeb Exp $ */ +/* $OpenBSD: if_pfsync.c,v 1.181 2012/02/03 01:57:50 bluhm Exp $ */ /* * Copyright (c) 2002 Michael Shalayeff @@ -1852,8 +1852,8 @@ pfsync_undefer(struct pfsync_deferral *pd, int drop) ip6_output(pd->pd_m, NULL, NULL, 0, NULL, NULL, NULL); break; - } #endif /* INET6 */ + } } } diff --git a/sys/net/pf.c b/sys/net/pf.c index 8e9f2bd2f2a..93d2bc6f6b5 100644 --- a/sys/net/pf.c +++ b/sys/net/pf.c @@ -1,4 +1,4 @@ -/* $OpenBSD: pf.c,v 1.800 2012/01/28 14:07:02 mikeb Exp $ */ +/* $OpenBSD: pf.c,v 1.801 2012/02/03 01:57:51 bluhm Exp $ */ /* * Copyright (c) 2001 Daniel Hartmeier @@ -152,10 +152,8 @@ void pf_change_ap(struct pf_addr *, u_int16_t *, u_int8_t, sa_family_t, sa_family_t); int pf_modulate_sack(struct pf_pdesc *, struct pf_state_peer *); -#ifdef INET6 void pf_change_a6(struct pf_addr *, u_int16_t *, struct pf_addr *, u_int8_t); -#endif /* INET6 */ int pf_icmp_mapping(struct pf_pdesc *, u_int8_t, int *, int *, u_int16_t *, u_int16_t *); void pf_change_icmp(struct pf_addr *, u_int16_t *, @@ -1926,10 +1924,10 @@ pf_change_icmp(struct pf_addr *ia, u_int16_t *ip, struct pf_addr *oa, } } +#if INET && INET6 int pf_translate_af(struct pf_pdesc *pd) { -#if INET && INET6 struct mbuf *mp; struct ip *ip4; struct ip6_hdr *ip6; @@ -1991,7 +1989,6 @@ pf_translate_af(struct pf_pdesc *pd) in6_cksum(pd->m, IPPROTO_ICMPV6, hlen, ntohs(ip6->ip6_plen)); } -#endif /* INET && INET6 */ return (0); } @@ -2001,7 +1998,6 @@ pf_change_icmp_af(struct mbuf *m, int off, struct pf_pdesc *pd, struct pf_pdesc *pd2, struct pf_addr *src, struct pf_addr *dst, sa_family_t af, sa_family_t naf) { -#if INET && INET6 struct mbuf *n = NULL; struct ip *ip4; struct ip6_hdr *ip6; @@ -2074,7 +2070,6 @@ pf_change_icmp_af(struct mbuf *m, int off, struct pf_pdesc *pd, mlen = n->m_pkthdr.len; m_cat(m, n); m->m_pkthdr.len += mlen; -#endif /* INET && INET6 */ return (0); } @@ -2086,7 +2081,6 @@ pf_change_icmp_af(struct mbuf *m, int off, struct pf_pdesc *pd, int pf_translate_icmp_af(int af, void *arg) { -#if INET && INET6 struct icmp *icmp4; struct icmp6_hdr *icmp6; u_int32_t mtu; @@ -2305,10 +2299,10 @@ pf_translate_icmp_af(int af, void *arg) } break; } -#endif /* INET && INET6 */ return (0); } +#endif /* INET && INET6 */ /* * Need to modulate the sequence numbers in the TCP SACK option @@ -3131,14 +3125,18 @@ pf_tcp_iss(struct pf_pdesc *pd) MD5Update(&ctx, (char *)&pd->hdr.tcp->th_sport, sizeof(u_short)); MD5Update(&ctx, (char *)&pd->hdr.tcp->th_dport, sizeof(u_short)); switch (pd->af) { +#ifdef INET case AF_INET: MD5Update(&ctx, (char *)&pd->src->v4, sizeof(struct in_addr)); MD5Update(&ctx, (char *)&pd->dst->v4, sizeof(struct in_addr)); break; +#endif /* INET */ +#ifdef INET6 case AF_INET6: MD5Update(&ctx, (char *)&pd->src->v6, sizeof(struct in6_addr)); MD5Update(&ctx, (char *)&pd->dst->v6, sizeof(struct in6_addr)); break; +#endif /* INET6 */ } MD5Final((u_char *)digest, &ctx); pf_tcp_iss_off += 4096; @@ -3524,10 +3522,12 @@ pf_test_rule(struct pf_pdesc *pd, struct pf_rule **rm, struct pf_state **sm, if (r->rule_flag & PFRULE_ONCE) pf_purge_rule(ruleset, r); - if (rewrite && skw->af != sks->af) { +#if INET && INET6 + if (rewrite && skw->af != sks->af) return (PF_AFRT); - } else - return (PF_PASS); +#endif /* INET && INET6 */ + + return (PF_PASS); cleanup: while ((ri = SLIST_FIRST(&rules))) { @@ -3784,10 +3784,12 @@ pf_translate(struct pf_pdesc *pd, struct pf_addr *saddr, u_int16_t sport, return (0); if (afto) { +#ifdef INET6 if (pf_translate_icmp_af(AF_INET6, pd->hdr.icmp)) return (0); pd->proto = IPPROTO_ICMPV6; rewrite = 1; +#endif /* INET6 */ } else { if (PF_ANEQ(saddr, pd->src, pd->af)) { pf_change_a(&pd->src->v4.s_addr, NULL, @@ -3821,11 +3823,13 @@ pf_translate(struct pf_pdesc *pd, struct pf_addr *saddr, u_int16_t sport, return (0); if (afto) { +#ifdef INET /* ip_sum will be recalculated in pf_translate_af */ if (pf_translate_icmp_af(AF_INET, pd->hdr.icmp6)) return (0); pd->proto = IPPROTO_ICMP; rewrite = 1; +#endif /* INET */ } else { if (PF_ANEQ(saddr, pd->src, pd->af)) { pf_change_a6(pd->src, @@ -4441,12 +4445,14 @@ pf_test_state_tcp(struct pf_pdesc *pd, struct pf_state **state, u_short *reason) nk->af); pd->m->m_pkthdr.rdomain = nk->rdomain; +#if INET && INET6 if (afto) { PF_ACPY(&pd->nsaddr, &nk->addr[sidx], nk->af); PF_ACPY(&pd->ndaddr, &nk->addr[didx], nk->af); pd->naf = nk->af; action = PF_AFRT; } +#endif /* INET && INET6 */ copyback = 1; } @@ -4525,12 +4531,14 @@ pf_test_state_udp(struct pf_pdesc *pd, struct pf_state **state) &nk->addr[didx], nk->port[didx], 1, pd->af, nk->af); pd->m->m_pkthdr.rdomain = nk->rdomain; +#if INET && INET6 if (afto) { PF_ACPY(&pd->nsaddr, &nk->addr[sidx], nk->af); PF_ACPY(&pd->ndaddr, &nk->addr[didx], nk->af); pd->naf = nk->af; action = PF_AFRT; } +#endif /* INET && INET6 */ m_copyback(pd->m, pd->off, sizeof(*uh), uh, M_NOWAIT); } @@ -4678,7 +4686,7 @@ pf_test_state_icmp(struct pf_pdesc *pd, struct pf_state **state, return (PF_DROP); pd->proto = IPPROTO_ICMPV6; } -#endif +#endif /* INET6 */ if (!afto && PF_ANEQ(pd->src, &nk->addr[sidx], AF_INET)) pf_change_a(&saddr->v4.s_addr, NULL, @@ -4714,7 +4722,7 @@ pf_test_state_icmp(struct pf_pdesc *pd, struct pf_state **state, return (PF_DROP); pd->proto = IPPROTO_ICMP; } -#endif +#endif /* INET */ if (!afto && PF_ANEQ(pd->src, &nk->addr[sidx], AF_INET6)) pf_change_a6(saddr, @@ -4739,12 +4747,14 @@ pf_test_state_icmp(struct pf_pdesc *pd, struct pf_state **state, break; #endif /* INET6 */ } +#if INET && INET6 if (afto) { PF_ACPY(&pd->nsaddr, &nk->addr[sidx], nk->af); PF_ACPY(&pd->ndaddr, &nk->addr[didx], nk->af); pd->naf = nk->af; return (PF_AFRT); } +#endif /* INET && INET6 */ } return (PF_PASS); @@ -5078,7 +5088,7 @@ pf_test_state_icmp(struct pf_pdesc *pd, struct pf_state **state, pd->naf = nk->af; return (PF_AFRT); } -#endif +#endif /* INET && INET6 */ if (PF_ANEQ(pd2.src, &nk->addr[pd2.sidx], pd2.af) || @@ -5199,7 +5209,7 @@ pf_test_state_icmp(struct pf_pdesc *pd, struct pf_state **state, pd->naf = nk->af; return (PF_AFRT); } -#endif +#endif /* INET6 */ if (PF_ANEQ(pd2.src, &nk->addr[pd2.sidx], pd2.af) || @@ -5318,7 +5328,7 @@ pf_test_state_icmp(struct pf_pdesc *pd, struct pf_state **state, pd->naf = nk->af; return (PF_AFRT); } -#endif +#endif /* INET */ if (PF_ANEQ(pd2.src, &nk->addr[pd2.sidx], pd2.af) || @@ -5506,6 +5516,7 @@ pf_test_state_other(struct pf_pdesc *pd, struct pf_state **state) if (pd->rdomain != nk->rdomain) pd->destchg = 1; +#if INET && INET6 if (afto) { PF_ACPY(&pd->nsaddr, &nk->addr[afto ? pd->didx : pd->sidx], nk->af); @@ -5515,6 +5526,7 @@ pf_test_state_other(struct pf_pdesc *pd, struct pf_state **state) pd->naf = nk->af; action = PF_AFRT; } +#endif /* INET && INET6 */ pd->m->m_pkthdr.rdomain = nk->rdomain; } @@ -5595,6 +5607,7 @@ pf_routable(struct pf_addr *addr, sa_family_t af, struct pfi_kif *kif, bzero(&ro, sizeof(ro)); ro.ro_tableid = rtableid; switch (af) { +#ifdef INET case AF_INET: dst = satosin(&ro.ro_dst); dst->sin_family = AF_INET; @@ -5603,6 +5616,7 @@ pf_routable(struct pf_addr *addr, sa_family_t af, struct pfi_kif *kif, if (ipmultipath) check_mpath = 1; break; +#endif /* INET */ #ifdef INET6 case AF_INET6: /* @@ -5675,12 +5689,14 @@ pf_rtlabel_match(struct pf_addr *addr, sa_family_t af, struct pf_addr_wrap *aw, bzero(&ro, sizeof(ro)); ro.ro_tableid = rtableid; switch (af) { +#ifdef INET case AF_INET: dst = satosin(&ro.ro_dst); dst->sin_family = AF_INET; dst->sin_len = sizeof(*dst); dst->sin_addr = addr->v4; break; +#endif /* INET */ #ifdef INET6 case AF_INET6: dst6 = (struct sockaddr_in6 *)&ro.ro_dst; @@ -6119,6 +6135,7 @@ pf_get_divert(struct mbuf *m) return ((struct pf_divert *)(mtag + 1)); } +#ifdef INET6 int pf_walk_option6(struct pf_pdesc *pd, struct ip6_hdr *h, int off, int end, u_short *reason) @@ -6297,6 +6314,7 @@ pf_walk_header6(struct pf_pdesc *pd, struct ip6_hdr *h, u_short *reason) } } } +#endif /* INET6 */ int pf_setup_pdesc(struct pf_pdesc *pd, void *pdhdrs, sa_family_t af, int dir, @@ -6347,7 +6365,7 @@ pf_setup_pdesc(struct pf_pdesc *pd, void *pdhdrs, sa_family_t af, int dir, break; } -#endif +#endif /* INET */ #ifdef INET6 case AF_INET6: { struct ip6_hdr *h; @@ -6394,7 +6412,7 @@ pf_setup_pdesc(struct pf_pdesc *pd, void *pdhdrs, sa_family_t af, int dir, break; } -#endif +#endif /* INET6 */ default: panic("pf_setup_pdesc called with illegal af %u", pd->af); @@ -6700,6 +6718,7 @@ pf_test(sa_family_t af, int fwdir, struct ifnet *ifp, struct mbuf **m0, break; } +#ifdef INET6 case IPPROTO_ICMPV6: { if (pd.af != AF_INET6) { action = PF_DROP; @@ -6720,6 +6739,7 @@ pf_test(sa_family_t af, int fwdir, struct ifnet *ifp, struct mbuf **m0, action = pf_test_rule(&pd, &r, &s, &a, &ruleset); break; } +#endif /* INET6 */ default: action = pf_test_state_other(&pd, &s); @@ -6855,6 +6875,7 @@ done: *m0 = NULL; action = PF_PASS; break; +#if INET && INET6 case PF_AFRT: if (pf_translate_af(&pd)) { if (!pd.m) @@ -6864,13 +6885,12 @@ done: } if (pd.naf == AF_INET) pf_route(&pd.m, r, dir, kif->pfik_ifp, s); -#ifdef INET6 if (pd.naf == AF_INET6) pf_route6(&pd.m, r, dir, kif->pfik_ifp, s); -#endif *m0 = NULL; action = PF_PASS; break; +#endif /* INET && INET6 */ default: /* pf_route can free the mbuf causing *m0 to become NULL */ if (r->rt) { diff --git a/sys/net/pf_lb.c b/sys/net/pf_lb.c index 6082cb905ef..a88bce0f669 100644 --- a/sys/net/pf_lb.c +++ b/sys/net/pf_lb.c @@ -1,4 +1,4 @@ -/* $OpenBSD: pf_lb.c,v 1.19 2011/10/13 18:23:40 claudio Exp $ */ +/* $OpenBSD: pf_lb.c,v 1.20 2012/02/03 01:57:51 bluhm Exp $ */ /* * Copyright (c) 2001 Daniel Hartmeier @@ -582,8 +582,10 @@ pf_get_transaddr(struct pf_rule *r, struct pf_pdesc *pd, struct pf_addr naddr; u_int16_t nport = 0; +#ifdef INET6 if (pd->af != pd->naf) return (pf_get_transaddr_af(r, pd, sns)); +#endif /* INET6 */ if (r->nat.addr.type != PF_ADDR_NONE) { /* XXX is this right? what if rtable is changed at the same @@ -632,6 +634,7 @@ pf_get_transaddr(struct pf_rule *r, struct pf_pdesc *pd, return (0); } +#ifdef INET6 int pf_get_transaddr_af(struct pf_rule *r, struct pf_pdesc *pd, struct pf_src_node **sns) @@ -760,6 +763,7 @@ pf_get_transaddr_af(struct pf_rule *r, struct pf_pdesc *pd, return (0); } +#endif /* INET6 */ int pf_postprocess_addr(struct pf_state *cur) { diff --git a/sys/net/pf_norm.c b/sys/net/pf_norm.c index 4e8d6e61402..4e305397926 100644 --- a/sys/net/pf_norm.c +++ b/sys/net/pf_norm.c @@ -1,4 +1,4 @@ -/* $OpenBSD: pf_norm.c,v 1.152 2012/01/26 20:16:06 bluhm Exp $ */ +/* $OpenBSD: pf_norm.c,v 1.153 2012/02/03 01:57:51 bluhm Exp $ */ /* * Copyright 2001 Niels Provos <provos@citi.umich.edu> @@ -128,7 +128,7 @@ int pf_reassemble(struct mbuf **, int, u_short *); #ifdef INET6 int pf_reassemble6(struct mbuf **, struct ip6_frag *, u_int16_t, u_int16_t, int, u_short *); -#endif +#endif /* INET6 */ /* Globals */ struct pool pf_frent_pl, pf_frag_pl; @@ -363,8 +363,10 @@ pf_fillup_fragment(struct pf_fragment_cmp *key, struct pf_frent *frent, if (prev != NULL && prev->fe_off + prev->fe_len > frent->fe_off) { u_int16_t precut; +#ifdef INET6 if (frag->fr_af == AF_INET6) goto free_fragment; +#endif /* INET6 */ precut = prev->fe_off + prev->fe_len - frent->fe_off; if (precut >= frent->fe_len) { @@ -382,8 +384,10 @@ pf_fillup_fragment(struct pf_fragment_cmp *key, struct pf_frent *frent, { u_int16_t aftercut; +#ifdef INET6 if (frag->fr_af == AF_INET6) goto free_fragment; +#endif /* INET6 */ aftercut = frent->fe_off + frent->fe_len - after->fe_off; if (aftercut < after->fe_len) { @@ -411,6 +415,7 @@ pf_fillup_fragment(struct pf_fragment_cmp *key, struct pf_frent *frent, return (frag); +#ifdef INET6 free_fragment: /* * RFC 5722, Errata 3089: When reassembling an IPv6 datagram, if one @@ -420,6 +425,7 @@ pf_fillup_fragment(struct pf_fragment_cmp *key, struct pf_frent *frent, */ DPFPRINTF(LOG_NOTICE, "flush overlapping fragments"); pf_free_fragment(frag); +#endif /* INET6 */ bad_fragment: REASON_SET(reason, PFRES_FRAG); drop_fragment: diff --git a/sys/net/pfvar.h b/sys/net/pfvar.h index 2d8e071b593..f99a1891000 100644 --- a/sys/net/pfvar.h +++ b/sys/net/pfvar.h @@ -1,4 +1,4 @@ -/* $OpenBSD: pfvar.h,v 1.361 2012/01/26 20:16:06 bluhm Exp $ */ +/* $OpenBSD: pfvar.h,v 1.362 2012/02/03 01:57:51 bluhm Exp $ */ /* * Copyright (c) 2001 Daniel Hartmeier @@ -1786,11 +1786,9 @@ int pf_setup_pdesc(struct pf_pdesc *, void *, int pf_test(sa_family_t, int, struct ifnet *, struct mbuf **, struct ether_header *); -#ifdef INET6 void pf_poolmask(struct pf_addr *, struct pf_addr*, - struct pf_addr *, struct pf_addr *, u_int8_t); + struct pf_addr *, struct pf_addr *, sa_family_t); void pf_addr_inc(struct pf_addr *, sa_family_t); -#endif /* INET6 */ void *pf_pull_hdr(struct mbuf *, int, void *, int, u_short *, u_short *, sa_family_t); |