diff options
| author | Markus Friedl <markus@cvs.openbsd.org> | 2008-05-07 06:23:31 +0000 |
|---|---|---|
| committer | Markus Friedl <markus@cvs.openbsd.org> | 2008-05-07 06:23:31 +0000 |
| commit | c46e8f1d56b2d9c7df393144da59b2b621bd1dca (patch) | |
| tree | 9136e007f7b263a4f31557e6803910bbf6aa97c1 /sys/net | |
| parent | 986313dc2c034266863c05ef19727bed8f53e211 (diff) | |
allow setting TOS with scrub; ok mcbride, claudio
Diffstat (limited to 'sys/net')
| -rw-r--r-- | sys/net/pf_norm.c | 23 | ||||
| -rw-r--r-- | sys/net/pfvar.h | 4 |
2 files changed, 25 insertions, 2 deletions
diff --git a/sys/net/pf_norm.c b/sys/net/pf_norm.c index 524f8c16469..9623470a45e 100644 --- a/sys/net/pf_norm.c +++ b/sys/net/pf_norm.c @@ -1,4 +1,4 @@ -/* $OpenBSD: pf_norm.c,v 1.111 2007/12/30 10:32:24 mglocker Exp $ */ +/* $OpenBSD: pf_norm.c,v 1.112 2008/05/07 06:23:30 markus Exp $ */ /* * Copyright 2001 Niels Provos <provos@citi.umich.edu> @@ -989,6 +989,17 @@ pf_normalize_ip(struct mbuf **m0, int dir, struct pfi_kif *kif, u_short *reason, h->ip_sum = pf_cksum_fixup(h->ip_sum, ip_ttl, h->ip_ttl, 0); } + /* Enforce tos */ + if (r->rule_flag & PFRULE_SET_TOS) { + u_int16_t ov, nv; + + ov = *(u_int16_t *)h; + h->ip_tos = r->set_tos; + nv = *(u_int16_t *)h; + + h->ip_sum = pf_cksum_fixup(h->ip_sum, ov, nv, 0); + } + if (r->rule_flag & PFRULE_RANDOMID) { u_int16_t ip_id = h->ip_id; @@ -1008,6 +1019,16 @@ pf_normalize_ip(struct mbuf **m0, int dir, struct pfi_kif *kif, u_short *reason, h->ip_ttl = r->min_ttl; h->ip_sum = pf_cksum_fixup(h->ip_sum, ip_ttl, h->ip_ttl, 0); } + /* Enforce tos */ + if (r->rule_flag & PFRULE_SET_TOS) { + u_int16_t ov, nv; + + ov = *(u_int16_t *)h; + h->ip_tos = r->set_tos; + nv = *(u_int16_t *)h; + + h->ip_sum = pf_cksum_fixup(h->ip_sum, ov, nv, 0); + } if ((r->rule_flag & (PFRULE_FRAGCROP|PFRULE_FRAGDROP)) == 0) pd->flags |= PFDESC_IP_REAS; return (PF_PASS); diff --git a/sys/net/pfvar.h b/sys/net/pfvar.h index a78efc35421..1f1f471d20e 100644 --- a/sys/net/pfvar.h +++ b/sys/net/pfvar.h @@ -1,4 +1,4 @@ -/* $OpenBSD: pfvar.h,v 1.261 2008/05/06 03:45:22 mpf Exp $ */ +/* $OpenBSD: pfvar.h,v 1.262 2008/05/07 06:23:30 markus Exp $ */ /* * Copyright (c) 2001 Daniel Hartmeier @@ -591,6 +591,7 @@ struct pf_rule { u_int8_t rt; u_int8_t return_ttl; u_int8_t tos; + u_int8_t set_tos; u_int8_t anchor_relative; u_int8_t anchor_wildcard; @@ -615,6 +616,7 @@ struct pf_rule { #define PFRULE_FRAGDROP 0x0400 /* drop funny fragments */ #define PFRULE_RANDOMID 0x0800 #define PFRULE_REASSEMBLE_TCP 0x1000 +#define PFRULE_SET_TOS 0x2000 /* rule flags again */ #define PFRULE_IFBOUND 0x00010000 /* if-bound */ |