authorMike Belopuhov <mikeb@cvs.openbsd.org>2011-04-12 10:47:30 +0000
committerMike Belopuhov <mikeb@cvs.openbsd.org>2011-04-12 10:47:30 +0000
commita815c5ebf2cbe29d29c5740a1bc7c055bbeb40a3 (patch)
tree110dd97ab68614bfc61af5c9e99f086a5f51bc2f /sys
parentf33be7cee7a3239fa476d7566369325150398a25 (diff)
put the accepted socket of a diverted connection into the routing domain
of a connection originator. this allows one to query the source rdomain with a SO_RTABLE socket option. figured out with reyk, ok claudio.
Diffstat (limited to 'sys')
-rw-r--r--sys/net/pf.c4
-rw-r--r--sys/net/pfvar.h3
-rw-r--r--sys/netinet/tcp_input.c11
3 files changed, 15 insertions, 3 deletions
diff --git a/sys/net/pf.c b/sys/net/pf.c
index db6623d599d..8a0dcf54cf6 100644
--- a/sys/net/pf.c
+++ b/sys/net/pf.c
@@ -1,4 +1,4 @@
-/* $OpenBSD: pf.c,v 1.739 2011/04/07 19:35:05 miod Exp $ */
+/* $OpenBSD: pf.c,v 1.740 2011/04/12 10:47:29 mikeb Exp $ */
/*
* Copyright (c) 2001 Daniel Hartmeier
@@ -5964,6 +5964,7 @@ done:
if ((divert = pf_get_divert(m))) {
m->m_pkthdr.pf.flags |= PF_TAG_DIVERTED;
divert->port = r->divert.port;
+ divert->rdomain = pd.rdomain;
divert->addr.ipv4 = r->divert.addr.v4;
}
}
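Review bot: Nothing at the added `divert->rdomain = pd.rdomain;` records that the divert tag now decides which routing domain the accepted socket is placed in, so every writer of `struct pf_divert` has to fill this field. The same applies to the IPv6 hunk at -6243. Only these two writers are visible in the diff, and whether pf_get_divert() zeroes a freshly allocated tag is not shown, so a writer that is missed would presumably pass an unset value on to syn_cache_get(). I would add a comment on the assignment such as `/* originator's rdomain; used by syn_cache_get() for the accepted socket */`. The enclosing function starts and ends outside the hunk.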
@@ -6243,6 +6244,7 @@ done:
if ((divert = pf_get_divert(m))) {
m->m_pkthdr.pf.flags |= PF_TAG_DIVERTED;
divert->port = r->divert.port;
+ divert->rdomain = pd.rdomain;
divert->addr.ipv6 = r->divert.addr.v6;
}
}
diff --git a/sys/net/pfvar.h b/sys/net/pfvar.h
index 440771cd60b..deced2b1de6 100644
--- a/sys/net/pfvar.h
+++ b/sys/net/pfvar.h
@@ -1,4 +1,4 @@
-/* $OpenBSD: pfvar.h,v 1.326 2011/04/06 13:18:39 claudio Exp $ */
+/* $OpenBSD: pfvar.h,v 1.327 2011/04/12 10:47:29 mikeb Exp $ */
/*
* Copyright (c) 2001 Daniel Hartmeier
@@ -1442,6 +1442,7 @@ struct pf_divert {
struct in6_addr ipv6;
} addr;
u_int16_t port;
+ u_int16_t rdomain;
};
#define PFFRAG_FRENT_HIWAT 5000 /* Number of fragment entries */
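Review bot: The new `rdomain` member carries no comment saying whose routing domain it holds, and the commit message is the only place that says it is the originator's rather than the listener's. I would write it as `u_int16_t rdomain; /* rdomain of the connection originator */`. The field is filled from `pd.rdomain` in pf.c, whose type is not visible here; if that is wider than 16 bits the assignment would truncate silently, so the widths are worth confirming. struct pf_divert begins outside the hunk.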
diff --git a/sys/netinet/tcp_input.c b/sys/netinet/tcp_input.c
index 37b12d64280..1a724dfa018 100644
--- a/sys/netinet/tcp_input.c
+++ b/sys/netinet/tcp_input.c
@@ -1,4 +1,4 @@
-/* $OpenBSD: tcp_input.c,v 1.244 2011/04/05 18:16:07 blambert Exp $ */
+/* $OpenBSD: tcp_input.c,v 1.245 2011/04/12 10:47:29 mikeb Exp $ */
/* $NetBSD: tcp_input.c,v 1.23 1996/02/13 23:43:44 christos Exp $ */
/*
@@ -3671,6 +3671,9 @@ syn_cache_get(struct sockaddr *src, struct sockaddr *dst, struct tcphdr *th,
struct mbuf *am;
int s;
struct socket *oso;
+#if NPF > 0
+ struct pf_divert *divert = NULL;
+#endif
s = splsoftnet();
if ((sc = syn_cache_lookup(src, dst, &scp,
@@ -3754,6 +3757,12 @@ syn_cache_get(struct sockaddr *src, struct sockaddr *dst, struct tcphdr *th,
inp = (struct inpcb *)so->so_pcb;
#endif /* INET6 */
+#if NPF > 0
+ if (m && m->m_pkthdr.pf.flags & PF_TAG_DIVERTED &&
+ (divert = pf_find_divert(m)) != NULL)
+ inp->inp_rtableid = divert->rdomain;
+ else
+#endif
/* inherit rtable from listening socket */
inp->inp_rtableid = sc->sc_rtableid;
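Review bot: The unbraced `else` that ends the `#if NPF > 0` block binds to whatever statement happens to follow `#endif`, so the listener fallback is only correct while nothing is inserted between them. Because this branch selects the routing domain of the accepted socket, I would make the default unconditional and let the pf case override it: keep `inp->inp_rtableid = sc->sc_rtableid;` first, then inside `#if NPF > 0` use `if (m && (m->m_pkthdr.pf.flags & PF_TAG_DIVERTED) && (divert = pf_find_divert(m)) != NULL) inp->inp_rtableid = divert->rdomain;` with no `else`. The added parentheses around the flag test do not change the result but make the precedence explicit. The body of syn_cache_get() continues outside the hunk.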