diff options
| author | Ryan Thomas McBride <mcbride@cvs.openbsd.org> | 2011-11-26 03:28:47 +0000 |
|---|---|---|
| committer | Ryan Thomas McBride <mcbride@cvs.openbsd.org> | 2011-11-26 03:28:47 +0000 |
| commit | fa71261ee7d2ef70324896f686ca3bcb0d17cd91 (patch) | |
| tree | 185d2454e757010a70a0784f948f40cf67b16a25 /sys/net | |
| parent | 893f80d6448e8933a169dc1439c77f8a5ec141d9 (diff) | |
Apply route-to to deferred packet; without this the first packet of a
connection does not observe the route-to option.
ok dlg mikeb
Diffstat (limited to 'sys/net')
| -rw-r--r-- | sys/net/if_pfsync.c | 37 | ||||
| -rw-r--r-- | sys/net/pf.c | 6 | ||||
| -rw-r--r-- | sys/net/pfvar.h | 6 |
3 files changed, 35 insertions, 14 deletions
diff --git a/sys/net/if_pfsync.c b/sys/net/if_pfsync.c index fad21969a58..3de25070ecc 100644 --- a/sys/net/if_pfsync.c +++ b/sys/net/if_pfsync.c @@ -1,4 +1,4 @@ -/* $OpenBSD: if_pfsync.c,v 1.175 2011/11/25 12:52:10 dlg Exp $ */ +/* $OpenBSD: if_pfsync.c,v 1.176 2011/11/26 03:28:46 mcbride Exp $ */ /* * Copyright (c) 2002 Michael Shalayeff @@ -1768,16 +1768,37 @@ pfsync_undefer(struct pfsync_deferral *pd, int drop) if (drop) m_freem(pd->pd_m); else { - switch (pd->pd_st->key[PF_SK_WIRE]->af) { + if (pd->pd_st->rule.ptr->rt) { + switch (pd->pd_st->key[PF_SK_WIRE]->af) { #ifdef INET - case AF_INET: - ip_output(pd->pd_m, NULL, NULL, 0, NULL, NULL); - break; + case AF_INET: + pf_route(&pd->pd_m, pd->pd_st->rule.ptr, + pd->pd_st->direction, + pd->pd_st->rt_kif->pfik_ifp, pd->pd_st); + break; #endif /* INET */ #ifdef INET6 - case AF_INET6: - ip6_output(pd->pd_m, NULL, NULL, 0, NULL, NULL, NULL); - break; + case AF_INET6: + pf_route6(&pd->pd_m, pd->pd_st->rule.ptr, + pd->pd_st->direction, + pd->pd_st->rt_kif->pfik_ifp, pd->pd_st); + break; +#endif /* INET6 */ + } + } else { + switch (pd->pd_st->key[PF_SK_WIRE]->af) { +#ifdef INET + case AF_INET: + ip_output(pd->pd_m, NULL, NULL, 0, + NULL, NULL); + break; +#endif /* INET */ +#ifdef INET6 + case AF_INET6: + ip6_output(pd->pd_m, NULL, NULL, 0, + NULL, NULL, NULL); + break; + } #endif /* INET6 */ } } diff --git a/sys/net/pf.c b/sys/net/pf.c index 9d46baaa90f..40dfd890de4 100644 --- a/sys/net/pf.c +++ b/sys/net/pf.c @@ -1,4 +1,4 @@ -/* $OpenBSD: pf.c,v 1.786 2011/11/25 12:52:10 dlg Exp $ */ +/* $OpenBSD: pf.c,v 1.787 2011/11/26 03:28:46 mcbride Exp $ */ /* * Copyright (c) 2001 Daniel Hartmeier @@ -208,10 +208,6 @@ int pf_test_state_icmp(struct pf_pdesc *, struct pf_state **, u_short *); int pf_test_state_other( struct pf_pdesc *, struct pf_state **); -void pf_route(struct mbuf **, struct pf_rule *, int, - struct ifnet *, struct pf_state *); -void pf_route6(struct mbuf **, struct pf_rule *, int, - struct ifnet *, struct pf_state *); u_int8_t pf_get_wscale(struct pf_pdesc *); u_int16_t pf_get_mss(struct pf_pdesc *); u_int16_t pf_calc_mss(struct pf_addr *, sa_family_t, int, diff --git a/sys/net/pfvar.h b/sys/net/pfvar.h index 96a8fed3a96..f7e0bfcdbb5 100644 --- a/sys/net/pfvar.h +++ b/sys/net/pfvar.h @@ -1,4 +1,4 @@ -/* $OpenBSD: pfvar.h,v 1.354 2011/10/13 18:23:40 claudio Exp $ */ +/* $OpenBSD: pfvar.h,v 1.355 2011/11/26 03:28:46 mcbride Exp $ */ /* * Copyright (c) 2001 Daniel Hartmeier @@ -1831,6 +1831,10 @@ int pf_state_key_attach(struct pf_state_key *, struct pf_state *, int); int pf_translate(struct pf_pdesc *, struct pf_addr *, u_int16_t, struct pf_addr *, u_int16_t, u_int16_t, int); int pf_translate_af(struct pf_pdesc *); +void pf_route(struct mbuf **, struct pf_rule *, int, + struct ifnet *, struct pf_state *); +void pf_route6(struct mbuf **, struct pf_rule *, int, + struct ifnet *, struct pf_state *); void pfr_initialize(void); int pfr_match_addr(struct pfr_ktable *, struct pf_addr *, sa_family_t); |