diff options
-rw-r--r-- | sys/net/pf.c | 23 | ||||
-rw-r--r-- | sys/net/pfvar.h | 3 | ||||
-rw-r--r-- | sys/netinet/ip_input.c | 22 |
3 files changed, 33 insertions, 15 deletions
diff --git a/sys/net/pf.c b/sys/net/pf.c index f16a2e15ed4..3b56da2847e 100644 --- a/sys/net/pf.c +++ b/sys/net/pf.c @@ -1,4 +1,4 @@ -/* $OpenBSD: pf.c,v 1.978 2016/06/21 16:45:37 bluhm Exp $ */ +/* $OpenBSD: pf.c,v 1.979 2016/07/18 13:17:44 bluhm Exp $ */ /* * Copyright (c) 2001 Daniel Hartmeier @@ -6761,6 +6761,27 @@ pf_cksum(struct pf_pdesc *pd, struct mbuf *m) } } +int +pf_ouraddr(struct mbuf *m) +{ + struct pf_state_key *sk; + + if (m->m_pkthdr.pf.flags & PF_TAG_DIVERTED) + return (1); + + sk = m->m_pkthdr.pf.statekey; + if (sk != NULL) { + if (sk->inp != NULL) + return (1); + + /* If we have linked state keys it is certainly forwarded. */ + if (sk->reverse != NULL) + return (0); + } + + return (-1); +} + /* * must be called whenever any addressing information such as * address, port, protocol has changed diff --git a/sys/net/pfvar.h b/sys/net/pfvar.h index 394c0dea96b..3ae27999a4b 100644 --- a/sys/net/pfvar.h +++ b/sys/net/pfvar.h @@ -1,4 +1,4 @@ -/* $OpenBSD: pfvar.h,v 1.431 2016/03/29 10:34:42 sashan Exp $ */ +/* $OpenBSD: pfvar.h,v 1.432 2016/07/18 13:17:44 bluhm Exp $ */ /* * Copyright (c) 2001 Daniel Hartmeier @@ -1763,6 +1763,7 @@ int pf_rtlabel_match(struct pf_addr *, sa_family_t, struct pf_addr_wrap *, int); int pf_socket_lookup(struct pf_pdesc *); struct pf_state_key *pf_alloc_state_key(int); +int pf_ouraddr(struct mbuf *); void pf_pkt_addr_changed(struct mbuf *); struct inpcb *pf_inp_lookup(struct mbuf *); void pf_inp_link(struct mbuf *, struct inpcb *); diff --git a/sys/netinet/ip_input.c b/sys/netinet/ip_input.c index 432ca7866d0..51f9986e9f6 100644 --- a/sys/netinet/ip_input.c +++ b/sys/netinet/ip_input.c @@ -1,4 +1,4 @@ -/* $OpenBSD: ip_input.c,v 1.277 2016/06/18 10:36:13 vgross Exp $ */ +/* $OpenBSD: ip_input.c,v 1.278 2016/07/18 13:17:44 bluhm Exp $ */ /* $NetBSD: ip_input.c,v 1.30 1996/03/16 23:53:58 christos Exp $ */ /* @@ -592,20 +592,16 @@ in_ouraddr(struct mbuf *m, struct ifnet *ifp, struct rtentry **prt) struct ip *ip; struct sockaddr_in sin; int match = 0; -#if NPF > 0 - struct pf_state_key *key; - if (m->m_pkthdr.pf.flags & PF_TAG_DIVERTED) +#if NPF > 0 + switch (pf_ouraddr(m)) { + case 0: + return (0); + case 1: return (1); - - key = m->m_pkthdr.pf.statekey; - if (key != NULL) { - if (key->inp != NULL) - return (1); - - /* If we have linked state keys it is certainly forwarded. */ - if (key->reverse != NULL) - return (0); + default: + /* pf does not know it */ + break; } #endif |