diff options
author | Henning Brauer <henning@cvs.openbsd.org> | 2008-07-16 09:00:45 +0000 |
---|---|---|
committer | Henning Brauer <henning@cvs.openbsd.org> | 2008-07-16 09:00:45 +0000 |
commit | 6dced5aca64cb259f363c6e2f971881d7711c064 (patch) | |
tree | f4504115df582cca08f3dadb9ef7b418a2d4dba2 /sys/netinet | |
parent | fb67658fbbc2bfd71e15fd14cb8b81a75e42ecbb (diff) |
link udp pcbs to pf states, same as done for tcp already
ok markus, also tested david sthen
Diffstat (limited to 'sys/netinet')
-rw-r--r-- | sys/netinet/udp_usrreq.c | 35 |
1 files changed, 27 insertions, 8 deletions
diff --git a/sys/netinet/udp_usrreq.c b/sys/netinet/udp_usrreq.c index bdff3b53b98..47ce3a14e6f 100644 --- a/sys/netinet/udp_usrreq.c +++ b/sys/netinet/udp_usrreq.c @@ -1,4 +1,4 @@ -/* $OpenBSD: udp_usrreq.c,v 1.123 2008/06/14 22:15:30 jsing Exp $ */ +/* $OpenBSD: udp_usrreq.c,v 1.124 2008/07/16 09:00:44 henning Exp $ */ /* $NetBSD: udp_usrreq.c,v 1.28 1996/03/16 23:54:03 christos Exp $ */ /* @@ -105,6 +105,11 @@ extern int ip6_defhlim; #include "faith.h" +#include "pf.h" +#if NPF > 0 +#include <net/pfvar.h> +#endif + /* * UDP protocol implementation. * Per RFC 768, August, 1980. @@ -163,7 +168,7 @@ udp_input(struct mbuf *m, ...) { struct ip *ip; struct udphdr *uh; - struct inpcb *inp; + struct inpcb *inp = NULL; struct mbuf *opts = NULL; struct ip save_ip; int iphlen, len; @@ -529,14 +534,27 @@ udp_input(struct mbuf *m, ...) /* * Locate pcb for datagram. */ +#if NPF > 0 + if (m->m_pkthdr.pf.statekey) + inp = ((struct pf_state_key *)m->m_pkthdr.pf.statekey)->inp; +#endif + if (inp == NULL) { #ifdef INET6 - if (ip6) - inp = in6_pcbhashlookup(&udbtable, &ip6->ip6_src, uh->uh_sport, - &ip6->ip6_dst, uh->uh_dport); - else + if (ip6) + inp = in6_pcbhashlookup(&udbtable, &ip6->ip6_src, + uh->uh_sport, &ip6->ip6_dst, uh->uh_dport); + else #endif /* INET6 */ - inp = in_pcbhashlookup(&udbtable, ip->ip_src, uh->uh_sport, - ip->ip_dst, uh->uh_dport); + inp = in_pcbhashlookup(&udbtable, ip->ip_src, uh->uh_sport, + ip->ip_dst, uh->uh_dport); +#if NPF > 0 + if (m->m_pkthdr.pf.statekey && inp) { + ((struct pf_state_key *)m->m_pkthdr.pf.statekey)->inp = + inp; + inp->inp_pf_sk = m->m_pkthdr.pf.statekey; + } +#endif + } if (inp == 0) { int inpl_reverse = 0; if (m->m_pkthdr.pf.flags & PF_TAG_TRANSLATE_LOCALHOST) @@ -970,6 +988,7 @@ udp_output(struct mbuf *m, ...) ((struct ip *)ui)->ip_ttl = inp->inp_ip.ip_ttl; ((struct ip *)ui)->ip_tos = inp->inp_ip.ip_tos; + m->m_pkthdr.pf.statekey = inp->inp_pf_sk; udpstat.udps_opackets++; error = ip_output(m, inp->inp_options, &inp->inp_route, inp->inp_socket->so_options & |