-rw-r--r--sys/altq/altq_cbq.c8
-rw-r--r--sys/altq/altq_hfsc.c8
-rw-r--r--sys/altq/altq_priq.c8
-rw-r--r--sys/altq/altq_red.c29
-rw-r--r--sys/altq/if_altq.h12
-rw-r--r--sys/net/if_ethersubr.c13
-rw-r--r--sys/net/if_fddisubr.c11
-rw-r--r--sys/net/pf.c323
-rw-r--r--sys/net/pf_norm.c27
-rw-r--r--sys/net/pfvar.h34
-rw-r--r--sys/netinet/ip_icmp.c19
-rw-r--r--sys/netinet/tcp_input.c16
-rw-r--r--sys/netinet/udp_usrreq.c16
-rw-r--r--sys/sys/mbuf.h9
14 files changed, 234 insertions, 299 deletions
diff --git a/sys/altq/altq_cbq.c b/sys/altq/altq_cbq.c
index 604cbbdb207..d3ec56199f2 100644
--- a/sys/altq/altq_cbq.c
+++ b/sys/altq/altq_cbq.c
@@ -1,4 +1,4 @@
-/* $OpenBSD: altq_cbq.c,v 1.18 2004/01/14 08:42:23 kjc Exp $ */
+/* $OpenBSD: altq_cbq.c,v 1.19 2005/10/17 08:43:35 henning Exp $ */
/* $KAME: altq_cbq.c,v 1.9 2000/12/14 08:12:45 thorpej Exp $ */
/*
@@ -441,7 +441,7 @@ cbq_enqueue(struct ifaltq *ifq, struct mbuf *m, struct altq_pktattr *pktattr)
{
cbq_state_t *cbqp = (cbq_state_t *)ifq->altq_disc;
struct rm_class *cl;
- struct m_tag *t;
+ struct pf_mtag *t;
int len;
/* grab class set by classifier */
@@ -452,9 +452,9 @@ cbq_enqueue(struct ifaltq *ifq, struct mbuf *m, struct altq_pktattr *pktattr)
m_freem(m);
return (ENOBUFS);
}
- t = m_tag_find(m, PACKET_TAG_PF_QID, NULL);
+ t = pf_find_mtag(m);
if (t == NULL ||
- (cl = clh_to_clp(cbqp, ((struct altq_tag *)(t+1))->qid)) == NULL) {
+ (cl = clh_to_clp(cbqp, t->qid)) == NULL) {
cl = cbqp->ifnp.default_;
if (cl == NULL) {
m_freem(m);
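Review bot: With the unified tag, `t != NULL` no longer implies that a queue was assigned: `pf_get_mtag()` zero-fills the tag and the pf.c hunks only write `qid` when the matching rule has one, so `clh_to_clp(cbqp, t->qid)` is now reached with `qid == 0` for packets that matched no queue rule. The fallback to `cbqp->ifnp.default_` then depends on `clh_to_clp()` returning NULL for handle 0, which this hunk does not show. Making that explicit, e.g. `if (t == NULL || t->qid == 0 ||`, or adding the comment `/* qid 0: no queue assigned by pf */`, would keep the default-class path obvious. The same applies to the matching hunks in altq_hfsc.c and altq_priq.c; the function body continues outside the hunk.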
diff --git a/sys/altq/altq_hfsc.c b/sys/altq/altq_hfsc.c
index e78965cf9b2..fc58f4af129 100644
--- a/sys/altq/altq_hfsc.c
+++ b/sys/altq/altq_hfsc.c
@@ -1,4 +1,4 @@
-/* $OpenBSD: altq_hfsc.c,v 1.21 2004/01/14 08:42:23 kjc Exp $ */
+/* $OpenBSD: altq_hfsc.c,v 1.22 2005/10/17 08:43:35 henning Exp $ */
/* $KAME: altq_hfsc.c,v 1.17 2002/11/29 07:48:33 kjc Exp $ */
/*
@@ -618,7 +618,7 @@ hfsc_enqueue(struct ifaltq *ifq, struct mbuf *m, struct altq_pktattr *pktattr)
{
struct hfsc_if *hif = (struct hfsc_if *)ifq->altq_disc;
struct hfsc_class *cl;
- struct m_tag *t;
+ struct pf_mtag *t;
int len;
/* grab class set by classifier */
@@ -629,9 +629,9 @@ hfsc_enqueue(struct ifaltq *ifq, struct mbuf *m, struct altq_pktattr *pktattr)
m_freem(m);
return (ENOBUFS);
}
- t = m_tag_find(m, PACKET_TAG_PF_QID, NULL);
+ t = pf_find_mtag(m);
if (t == NULL ||
- (cl = clh_to_clp(hif, ((struct altq_tag *)(t+1))->qid)) == NULL ||
+ (cl = clh_to_clp(hif, t->qid)) == NULL ||
is_a_parent_class(cl)) {
cl = hif->hif_defaultclass;
if (cl == NULL) {
diff --git a/sys/altq/altq_priq.c b/sys/altq/altq_priq.c
index 436aa6829ea..3f04e81a35c 100644
--- a/sys/altq/altq_priq.c
+++ b/sys/altq/altq_priq.c
@@ -1,4 +1,4 @@
-/* $OpenBSD: altq_priq.c,v 1.17 2004/01/14 08:42:23 kjc Exp $ */
+/* $OpenBSD: altq_priq.c,v 1.18 2005/10/17 08:43:35 henning Exp $ */
/* $KAME: altq_priq.c,v 1.1 2000/10/18 09:15:23 kjc Exp $ */
/*
* Copyright (C) 2000
@@ -396,7 +396,7 @@ priq_enqueue(struct ifaltq *ifq, struct mbuf *m, struct altq_pktattr *pktattr)
{
struct priq_if *pif = (struct priq_if *)ifq->altq_disc;
struct priq_class *cl;
- struct m_tag *t;
+ struct pf_mtag *t;
int len;
/* grab class set by classifier */
@@ -407,9 +407,9 @@ priq_enqueue(struct ifaltq *ifq, struct mbuf *m, struct altq_pktattr *pktattr)
m_freem(m);
return (ENOBUFS);
}
- t = m_tag_find(m, PACKET_TAG_PF_QID, NULL);
+ t = pf_find_mtag(m);
if (t == NULL ||
- (cl = clh_to_clp(pif, ((struct altq_tag *)(t+1))->qid)) == NULL) {
+ (cl = clh_to_clp(pif, t->qid)) == NULL) {
cl = pif->pif_default;
if (cl == NULL) {
m_freem(m);
diff --git a/sys/altq/altq_red.c b/sys/altq/altq_red.c
index b126ba1f0d9..0de641866a7 100644
--- a/sys/altq/altq_red.c
+++ b/sys/altq/altq_red.c
@@ -1,4 +1,4 @@
-/* $OpenBSD: altq_red.c,v 1.11 2003/05/12 00:50:12 henning Exp $ */
+/* $OpenBSD: altq_red.c,v 1.12 2005/10/17 08:43:35 henning Exp $ */
/* $KAME: altq_red.c,v 1.10 2002/04/03 05:38:51 kjc Exp $ */
/*
@@ -420,39 +420,28 @@ int
mark_ecn(struct mbuf *m, struct altq_pktattr *pktattr, int flags)
{
struct mbuf *m0;
- struct m_tag *t;
- struct altq_tag *at;
- void *hdr;
- int af;
+ struct pf_mtag *t;
- t = m_tag_find(m, PACKET_TAG_PF_QID, NULL);
- if (t == NULL)
+ if ((t = pf_find_mtag(m)) == NULL)
return (0);
- at = (struct altq_tag *)(t + 1);
- if (at == NULL)
- return (0);
-
- af = at->af;
- hdr = at->hdr;
-
- if (af != AF_INET && af != AF_INET6)
+ if (t->af != AF_INET && t->af != AF_INET6)
return (0);
/* verify that pattr_hdr is within the mbuf data */
for (m0 = m; m0 != NULL; m0 = m0->m_next)
- if (((caddr_t)hdr >= m0->m_data) &&
- ((caddr_t)hdr < m0->m_data + m0->m_len))
+ if (((caddr_t)(t->hdr) >= m0->m_data) &&
+ ((caddr_t)(t->hdr) < m0->m_data + m0->m_len))
break;
if (m0 == NULL) {
/* ick, tag info is stale */
return (0);
}
- switch (af) {
+ switch (t->af) {
case AF_INET:
if (flags & REDF_ECN4) {
- struct ip *ip = hdr;
+ struct ip *ip = t->hdr;
u_int8_t otos;
int sum;
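Review bot: The containment loop only proves that the first byte of `t->hdr` lies inside some mbuf of the chain, while the `struct ip *ip = t->hdr;` and `struct ip6_hdr *ip6 = t->hdr;` uses that follow assume the whole header is contiguous in that mbuf. Since `hdr` now lives in the shared pf tag, an upper bound on the header, e.g. `(caddr_t)(t->hdr) + sizeof(struct ip) <= m0->m_data + m0->m_len` for the AF_INET case, would make the staleness check cover what is actually dereferenced. The comment still says `pattr_hdr`; `/* verify that t->hdr is within the mbuf data */` would match the code. The rest of the function lies outside this hunk.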
@@ -485,7 +474,7 @@ mark_ecn(struct mbuf *m, struct altq_pktattr *pktattr, int flags)
#ifdef INET6
case AF_INET6:
if (flags & REDF_ECN6) {
- struct ip6_hdr *ip6 = hdr;
+ struct ip6_hdr *ip6 = t->hdr;
u_int32_t flowlabel;
flowlabel = ntohl(ip6->ip6_flow);
diff --git a/sys/altq/if_altq.h b/sys/altq/if_altq.h
index 2d9599b6277..79494208986 100644
--- a/sys/altq/if_altq.h
+++ b/sys/altq/if_altq.h
@@ -1,4 +1,4 @@
-/* $OpenBSD: if_altq.h,v 1.9 2004/04/17 00:09:00 henning Exp $ */
+/* $OpenBSD: if_altq.h,v 1.10 2005/10/17 08:43:35 henning Exp $ */
/* $KAME: if_altq.h,v 1.6 2001/01/29 19:59:09 itojun Exp $ */
/*
@@ -92,16 +92,6 @@ struct altq_pktattr {
};
/*
- * mbuf tag to carry a queue id (and hints for ECN).
- */
-struct altq_tag {
- u_int32_t qid; /* queue id */
- /* hints for ecn */
- int af; /* address family */
- void *hdr; /* saved header position in mbuf */
-};
-
-/*
* a token-bucket regulator limits the rate that a network driver can
* dequeue packets from the output queue.
* modern cards are able to buffer a large amount of packets and dequeue
diff --git a/sys/net/if_ethersubr.c b/sys/net/if_ethersubr.c
index 3fb53c51fe1..6a7eeed9407 100644
--- a/sys/net/if_ethersubr.c
+++ b/sys/net/if_ethersubr.c
@@ -1,4 +1,4 @@
-/* $OpenBSD: if_ethersubr.c,v 1.97 2005/09/30 02:39:24 brad Exp $ */
+/* $OpenBSD: if_ethersubr.c,v 1.98 2005/10/17 08:43:35 henning Exp $ */
/* $NetBSD: if_ethersubr.c,v 1.19 1996/05/07 02:40:30 thorpej Exp $ */
/*
@@ -281,9 +281,14 @@ ether_output(ifp0, m0, dst, rt0)
if (!arpresolve(ac, rt, m, dst, edst))
return (0); /* if not yet resolved */
/* If broadcasting on a simplex interface, loopback a copy */
- if ((m->m_flags & M_BCAST) && (ifp->if_flags & IFF_SIMPLEX) &&
- m_tag_find(m, PACKET_TAG_PF_ROUTED, NULL) == NULL)
- mcopy = m_copy(m, 0, (int)M_COPYALL);
+ if ((m->m_flags & M_BCAST) && (ifp->if_flags & IFF_SIMPLEX)) {
+#if NPF > 0
+ struct pf_mtag *t;
+
+ if ((t = pf_find_mtag(m)) == NULL || !t->routed)
+#endif
+ mcopy = m_copy(m, 0, (int)M_COPYALL);
+ }
etype = htons(ETHERTYPE_IP);
break;
#endif
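Review bot: The new `if ((t = pf_find_mtag(m)) == NULL || !t->routed)` sits between `#if NPF > 0` and `#endif` while its body, `mcopy = m_copy(...)`, is outside the guard, so the statement changes shape with the preprocessor and is easy to break on a later edit. The hunk also does not show where `NPF` and `struct pf_mtag` come from; if the header defining `NPF` is not included in this file, `#if NPF > 0` quietly evaluates to false and the routed check disappears without a build error, so the includes are worth confirming. A local flag (`int routed = 0;` set inside the guard, then `if (!routed)` before the copy) would read more plainly. The same construct is added in if_fddisubr.c, and ip_icmp.c, tcp_input.c and udp_usrreq.c rely on the same guard.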
diff --git a/sys/net/if_fddisubr.c b/sys/net/if_fddisubr.c
index 35ab478e5e7..d33a1b00821 100644
--- a/sys/net/if_fddisubr.c
+++ b/sys/net/if_fddisubr.c
@@ -1,4 +1,4 @@
-/* $OpenBSD: if_fddisubr.c,v 1.46 2005/06/08 06:55:33 henning Exp $ */
+/* $OpenBSD: if_fddisubr.c,v 1.47 2005/10/17 08:43:35 henning Exp $ */
/* $NetBSD: if_fddisubr.c,v 1.5 1996/05/07 23:20:21 christos Exp $ */
/*
@@ -203,9 +203,14 @@ fddi_output(ifp0, m0, dst, rt0)
if (!arpresolve(ac, rt, m, dst, edst))
return (0); /* if not yet resolved */
/* If broadcasting on a simplex interface, loopback a copy */
- if ((m->m_flags & M_BCAST) && (ifp->if_flags & IFF_SIMPLEX) &&
- m_tag_find(m, PACKET_TAG_PF_ROUTED, NULL) == NULL)
+ if ((m->m_flags & M_BCAST) && (ifp->if_flags & IFF_SIMPLEX)) {
+#if NPF > 0
+ struct pf_mtag *t;
+
+ if ((t = pf_find_mtag(m)) == NULL || !t->routed)
+#endif
mcopy = m_copy(m, 0, (int)M_COPYALL);
+ }
type = htons(ETHERTYPE_IP);
break;
#endif
diff --git a/sys/net/pf.c b/sys/net/pf.c
index 11d098bab0a..bcdf94ff350 100644
--- a/sys/net/pf.c
+++ b/sys/net/pf.c
@@ -1,4 +1,4 @@
-/* $OpenBSD: pf.c,v 1.503 2005/09/28 01:46:32 pascoe Exp $ */
+/* $OpenBSD: pf.c,v 1.504 2005/10/17 08:43:35 henning Exp $ */
/*
* Copyright (c) 2001 Daniel Hartmeier
@@ -182,9 +182,8 @@ int pf_test_state_icmp(struct pf_state **, int,
void *, struct pf_pdesc *, u_short *);
int pf_test_state_other(struct pf_state **, int,
struct pfi_kif *, struct pf_pdesc *);
-struct pf_tag *pf_get_tag(struct mbuf *);
int pf_match_tag(struct mbuf *, struct pf_rule *,
- struct pf_tag **, int *);
+ struct pf_mtag *, int *);
void pf_hash(struct pf_addr *, struct pf_addr *,
struct pf_poolhashkey *, sa_family_t);
int pf_map_addr(u_int8_t, struct pf_rule *,
@@ -195,9 +194,11 @@ int pf_get_sport(sa_family_t, u_int8_t, struct pf_rule *,
struct pf_addr *, u_int16_t*, u_int16_t, u_int16_t,
struct pf_src_node **);
void pf_route(struct mbuf **, struct pf_rule *, int,
- struct ifnet *, struct pf_state *);
+ struct ifnet *, struct pf_state *,
+ struct pf_pdesc *);
void pf_route6(struct mbuf **, struct pf_rule *, int,
- struct ifnet *, struct pf_state *);
+ struct ifnet *, struct pf_state *,
+ struct pf_pdesc *);
int pf_socket_lookup(int, struct pf_pdesc *);
u_int8_t pf_get_wscale(struct mbuf *, int, u_int16_t,
sa_family_t);
@@ -211,7 +212,6 @@ int pf_check_proto_cksum(struct mbuf *, int, int,
u_int8_t, sa_family_t);
int pf_addr_wrap_neq(struct pf_addr_wrap *,
struct pf_addr_wrap *);
-static int pf_add_mbuf_tag(struct mbuf *, u_int);
struct pf_state *pf_find_state_recurse(struct pfi_kif *,
struct pf_state_cmp *, u_int8_t);
int pf_src_connlimit(struct pf_state **);
@@ -988,12 +988,13 @@ pf_src_tree_remove_state(struct pf_state *s)
void
pf_unlink_state(struct pf_state *cur)
{
- if (cur->src.state == PF_TCPS_PROXY_DST)
+ if (cur->src.state == PF_TCPS_PROXY_DST) {
pf_send_tcp(cur->rule.ptr, cur->af,
&cur->ext.addr, &cur->lan.addr,
cur->ext.port, cur->lan.port,
cur->src.seqhi, cur->src.seqlo + 1,
TH_RST|TH_ACK, 0, 0, 0, 1, cur->tag, NULL, NULL);
+ }
RB_REMOVE(pf_state_tree_ext_gwy,
&cur->u.s.kif->pfik_ext_gwy, cur);
RB_REMOVE(pf_state_tree_lan_ext,
@@ -1507,7 +1508,8 @@ pf_send_tcp(const struct pf_rule *r, sa_family_t af,
struct ip6_hdr *h6;
#endif /* INET6 */
struct tcphdr *th;
- char *opt;
+ char *opt;
+ struct pf_mtag *pf_mtag;
/* maximum segment size tcp option */
tlen = sizeof(struct tcphdr);
@@ -1531,35 +1533,20 @@ pf_send_tcp(const struct pf_rule *r, sa_family_t af,
m = m_gethdr(M_DONTWAIT, MT_HEADER);
if (m == NULL)
return;
- if (tag) {
- struct m_tag *mtag;
-
- mtag = m_tag_get(PACKET_TAG_PF_GENERATED, 0, M_NOWAIT);
- if (mtag == NULL) {
- m_freem(m);
- return;
- }
- m_tag_prepend(m, mtag);
+ if ((pf_mtag = pf_get_mtag(m)) == NULL) {
+ m_freem(m);
+ return;
}
- if (rtag)
- if (pf_tag_packet(m, NULL, rtag)) {
- m_freem(m);
- return;
- }
+ if (tag)
+ pf_mtag->flags |= PF_TAG_GENERATED;
+ pf_mtag->tag = rtag;
+
#ifdef ALTQ
if (r != NULL && r->qid) {
- struct m_tag *mtag;
- struct altq_tag *atag;
-
- mtag = m_tag_get(PACKET_TAG_PF_QID, sizeof(*atag), M_NOWAIT);
- if (mtag != NULL) {
- atag = (struct altq_tag *)(mtag + 1);
- atag->qid = r->qid;
- /* add hints for ecn */
- atag->af = af;
- atag->hdr = mtod(m, struct ip *);
- m_tag_prepend(m, mtag);
- }
+ pf_mtag->qid = r->qid;
+ /* add hints for ecn */
+ pf_mtag->af = af;
+ pf_mtag->hdr = mtod(m, struct ip *);
}
#endif /* ALTQ */
m->m_data += max_linkhdr;
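Review bot: `pf_mtag->hdr = mtod(m, struct ip *)` is recorded before `m->m_data += max_linkhdr` on the last line of this hunk, so the saved ECN hint points `max_linkhdr` bytes below where the packet data ends up. With the range check in `mark_ecn()` (`(caddr_t)(t->hdr) >= m0->m_data`) such a pointer is treated as stale, so ECN marking would be skipped for these generated segments. The ordering predates this change, but since the block is rewritten here it is the natural place to move the three assignments below the `m_data` adjustment, or at least to add `/* XXX hdr is taken before m_data is advanced */`. The function continues outside the hunk.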
@@ -1669,32 +1656,21 @@ void
pf_send_icmp(struct mbuf *m, u_int8_t type, u_int8_t code, sa_family_t af,
struct pf_rule *r)
{
- struct m_tag *mtag;
+ struct pf_mtag *pf_mtag;
struct mbuf *m0;
- mtag = m_tag_get(PACKET_TAG_PF_GENERATED, 0, M_NOWAIT);
- if (mtag == NULL)
- return;
m0 = m_copy(m, 0, M_COPYALL);
- if (m0 == NULL) {
- m_tag_free(mtag);
+
+ if ((pf_mtag = pf_get_mtag(m0)) == NULL)
return;
- }
- m_tag_prepend(m0, mtag);
+ pf_mtag->flags |= PF_TAG_GENERATED;
#ifdef ALTQ
if (r->qid) {
- struct altq_tag *atag;
-
- mtag = m_tag_get(PACKET_TAG_PF_QID, sizeof(*atag), M_NOWAIT);
- if (mtag != NULL) {
- atag = (struct altq_tag *)(mtag + 1);
- atag->qid = r->qid;
- /* add hints for ecn */
- atag->af = af;
- atag->hdr = mtod(m0, struct ip *);
- m_tag_prepend(m0, mtag);
- }
+ pf_mtag->qid = r->qid;
+ /* add hints for ecn */
+ pf_mtag->af = af;
+ pf_mtag->hdr = mtod(m0, struct ip *);
}
#endif /* ALTQ */
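Review bot: The rewrite drops the `m0 == NULL` check after `m_copy()`, so a failed copy is handed straight to `pf_get_mtag(m0)`, which passes it on to `m_tag_find()`; and when `pf_get_mtag()` itself fails, the function returns without releasing `m0`. Both paths are taken under memory pressure, which is exactly when a packet filter can least afford a NULL dereference or an mbuf leak. Restoring the NULL check and freeing the copy on the tag-allocation failure path addresses both; the rest of the function lies outside the hunk.

```c
	m0 = m_copy(m, 0, M_COPYALL);
	if (m0 == NULL)
		return;

	if ((pf_mtag = pf_get_mtag(m0)) == NULL) {
		m_freem(m0);
		return;
	}
	pf_mtag->flags |= PF_TAG_GENERATED;
	/* … unchanged: ALTQ qid/af/hdr assignment … */
```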
@@ -1809,48 +1785,55 @@ pf_match_gid(u_int8_t op, gid_t a1, gid_t a2, gid_t g)
return (pf_match(op, a1, a2, g));
}
-struct pf_tag *
-pf_get_tag(struct mbuf *m)
+struct pf_mtag *
+pf_find_mtag(struct mbuf *m)
{
struct m_tag *mtag;
- if ((mtag = m_tag_find(m, PACKET_TAG_PF_TAG, NULL)) != NULL)
- return ((struct pf_tag *)(mtag + 1));
- else
+ if ((mtag = m_tag_find(m, PACKET_TAG_PF, NULL)) == NULL)
return (NULL);
+
+ return ((struct pf_mtag *)(mtag + 1));
}
-int
-pf_match_tag(struct mbuf *m, struct pf_rule *r, struct pf_tag **pftag, int *tag)
+struct pf_mtag *
+pf_get_mtag(struct mbuf *m)
{
- if (*tag == -1) { /* find mbuf tag */
- *pftag = pf_get_tag(m);
- if (*pftag != NULL)
- *tag = (*pftag)->tag;
- else
- *tag = 0;
+ struct m_tag *mtag;
+
+ if ((mtag = m_tag_find(m, PACKET_TAG_PF, NULL)) == NULL) {
+ mtag = m_tag_get(PACKET_TAG_PF, sizeof(struct pf_mtag),
+ M_NOWAIT);
+ if (mtag == NULL)
+ return (NULL);
+ bzero(mtag + 1, sizeof(struct pf_mtag));
+ m_tag_prepend(m, mtag);
}
+ return ((struct pf_mtag *)(mtag + 1));
+}
+
+int
+pf_match_tag(struct mbuf *m, struct pf_rule *r, struct pf_mtag *pf_mtag,
+ int *tag)
+{
+ if (*tag == -1)
+ *tag = pf_mtag->tag;
+
return ((!r->match_tag_not && r->match_tag == *tag) ||
(r->match_tag_not && r->match_tag != *tag));
}
int
-pf_tag_packet(struct mbuf *m, struct pf_tag *pftag, int tag)
+pf_tag_packet(struct mbuf *m, struct pf_mtag *pf_mtag, int tag)
{
- struct m_tag *mtag;
-
if (tag <= 0)
return (0);
- if (pftag == NULL) {
- mtag = m_tag_get(PACKET_TAG_PF_TAG, sizeof(*pftag), M_NOWAIT);
- if (mtag == NULL)
+ if (pf_mtag == NULL)
+ if ((pf_mtag = pf_get_mtag(m)) == NULL)
return (1);
- ((struct pf_tag *)(mtag + 1))->tag = tag;
- m_tag_prepend(m, mtag);
- } else
- pftag->tag = tag;
+ pf_mtag->tag = tag;
return (0);
}
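Review bot: `pf_match_tag()` now dereferences `pf_mtag` unconditionally (`*tag = pf_mtag->tag;`), whereas `pf_tag_packet()` in the same hunk still tolerates a NULL `pf_mtag` by falling back to `pf_get_mtag()`. Every caller shown passes `pd->pf_mtag`, which is only known to be non-NULL when the `pf_pdesc` was set up by `pf_test()`/`pf_test6()`; a descriptor that was merely zeroed elsewhere would fault here. Either state the precondition and assert it, e.g. `KASSERT(pf_mtag != NULL);`, or give `pf_match_tag()` the same fallback as `pf_tag_packet()`. A short comment on the new pair would also help: `pf_find_mtag()` only looks the tag up, while `pf_get_mtag()` allocates a zeroed one with M_NOWAIT and may return NULL.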
@@ -2309,7 +2292,6 @@ pf_match_translation(struct pf_pdesc *pd, struct mbuf *m, int off,
{
struct pf_rule *r, *rm = NULL;
struct pf_ruleset *ruleset = NULL;
- struct pf_tag *pftag = NULL;
int tag = -1;
int asd = 0;
@@ -2352,7 +2334,7 @@ pf_match_translation(struct pf_pdesc *pd, struct mbuf *m, int off,
!pf_match_port(dst->port_op, dst->port[0],
dst->port[1], dport))
r = r->skip[PF_SKIP_DST_PORT].ptr;
- else if (r->match_tag && !pf_match_tag(m, r, &pftag, &tag))
+ else if (r->match_tag && !pf_match_tag(m, r, pd->pf_mtag, &tag))
r = TAILQ_NEXT(r, entries);
else if (r->os_fingerprint != PF_OSFP_ANY && (pd->proto !=
IPPROTO_TCP || !pf_osfp_match(pf_osfp_fingerprint(pd, m,
@@ -2369,7 +2351,7 @@ pf_match_translation(struct pf_pdesc *pd, struct mbuf *m, int off,
if (r == NULL)
pf_step_out_of_anchor(&asd, &ruleset, rs_num, &r, NULL);
}
- if (pf_tag_packet(m, pftag, tag))
+ if (pf_tag_packet(m, pd->pf_mtag, tag))
return (NULL);
if (rm != NULL && (rm->action == PF_NONAT ||
rm->action == PF_NORDR || rm->action == PF_NOBINAT))
@@ -2775,7 +2757,6 @@ pf_test_tcp(struct pf_rule **rm, struct pf_state **sm, int direction,
struct pf_src_node *nsn = NULL;
u_short reason;
int rewrite = 0;
- struct pf_tag *pftag = NULL;
int tag = -1;
u_int16_t mss = tcp_mssdflt;
int asd = 0;
@@ -2855,7 +2836,7 @@ pf_test_tcp(struct pf_rule **rm, struct pf_state **sm, int direction,
r = TAILQ_NEXT(r, entries);
else if (r->prob && r->prob <= arc4random())
r = TAILQ_NEXT(r, entries);
- else if (r->match_tag && !pf_match_tag(m, r, &pftag, &tag))
+ else if (r->match_tag && !pf_match_tag(m, r, pd->pf_mtag, &tag))
r = TAILQ_NEXT(r, entries);
else if (r->os_fingerprint != PF_OSFP_ANY && !pf_osfp_match(
pf_osfp_fingerprint(pd, m, off, th), r->os_fingerprint))
@@ -2931,7 +2912,7 @@ pf_test_tcp(struct pf_rule **rm, struct pf_state **sm, int direction,
if (r->action == PF_DROP)
return (PF_DROP);
- if (pf_tag_packet(m, pftag, tag)) {
+ if (pf_tag_packet(m, pd->pf_mtag, tag)) {
REASON_SET(&reason, PFRES_MEMORY);
return (PF_DROP);
}
@@ -3150,7 +3131,6 @@ pf_test_udp(struct pf_rule **rm, struct pf_state **sm, int direction,
struct pf_src_node *nsn = NULL;
u_short reason;
int rewrite = 0;
- struct pf_tag *pftag = NULL;
int tag = -1;
int asd = 0;
@@ -3227,7 +3207,7 @@ pf_test_udp(struct pf_rule **rm, struct pf_state **sm, int direction,
r = TAILQ_NEXT(r, entries);
else if (r->prob && r->prob <= arc4random())
r = TAILQ_NEXT(r, entries);
- else if (r->match_tag && !pf_match_tag(m, r, &pftag, &tag))
+ else if (r->match_tag && !pf_match_tag(m, r, pd->pf_mtag, &tag))
r = TAILQ_NEXT(r, entries);
else if (r->os_fingerprint != PF_OSFP_ANY)
r = TAILQ_NEXT(r, entries);
@@ -3288,7 +3268,7 @@ pf_test_udp(struct pf_rule **rm, struct pf_state **sm, int direction,
if (r->action == PF_DROP)
return (PF_DROP);
- if (pf_tag_packet(m, pftag, tag)) {
+ if (pf_tag_packet(m, pd->pf_mtag, tag)) {
REASON_SET(&reason, PFRES_MEMORY);
return (PF_DROP);
}
@@ -3427,7 +3407,6 @@ pf_test_icmp(struct pf_rule **rm, struct pf_state **sm, int direction,
sa_family_t af = pd->af;
u_int8_t icmptype, icmpcode;
int state_icmp = 0;
- struct pf_tag *pftag = NULL;
int tag = -1;
#ifdef INET6
int rewrite = 0;
@@ -3553,7 +3532,7 @@ pf_test_icmp(struct pf_rule **rm, struct pf_state **sm, int direction,
r = TAILQ_NEXT(r, entries);
else if (r->prob && r->prob <= arc4random())
r = TAILQ_NEXT(r, entries);
- else if (r->match_tag && !pf_match_tag(m, r, &pftag, &tag))
+ else if (r->match_tag && !pf_match_tag(m, r, pd->pf_mtag, &tag))
r = TAILQ_NEXT(r, entries);
else if (r->os_fingerprint != PF_OSFP_ANY)
r = TAILQ_NEXT(r, entries);
@@ -3594,7 +3573,7 @@ pf_test_icmp(struct pf_rule **rm, struct pf_state **sm, int direction,
if (r->action != PF_PASS)
return (PF_DROP);
- if (pf_tag_packet(m, pftag, tag)) {
+ if (pf_tag_packet(m, pd->pf_mtag, tag)) {
REASON_SET(&reason, PFRES_MEMORY);
return (PF_DROP);
}
@@ -3730,7 +3709,6 @@ pf_test_other(struct pf_rule **rm, struct pf_state **sm, int direction,
struct pf_addr *saddr = pd->src, *daddr = pd->dst;
sa_family_t af = pd->af;
u_short reason;
- struct pf_tag *pftag = NULL;
int tag = -1;
int asd = 0;
@@ -3807,7 +3785,7 @@ pf_test_other(struct pf_rule **rm, struct pf_state **sm, int direction,
r = TAILQ_NEXT(r, entries);
else if (r->prob && r->prob <= arc4random())
r = TAILQ_NEXT(r, entries);
- else if (r->match_tag && !pf_match_tag(m, r, &pftag, &tag))
+ else if (r->match_tag && !pf_match_tag(m, r, pd->pf_mtag, &tag))
r = TAILQ_NEXT(r, entries);
else if (r->os_fingerprint != PF_OSFP_ANY)
r = TAILQ_NEXT(r, entries);
@@ -3876,7 +3854,7 @@ pf_test_other(struct pf_rule **rm, struct pf_state **sm, int direction,
if (r->action != PF_PASS)
return (PF_DROP);
- if (pf_tag_packet(m, pftag, tag)) {
+ if (pf_tag_packet(m, pd->pf_mtag, tag)) {
REASON_SET(&reason, PFRES_MEMORY);
return (PF_DROP);
}
@@ -3994,7 +3972,6 @@ pf_test_fragment(struct pf_rule **rm, int direction, struct pfi_kif *kif,
struct pf_ruleset *ruleset = NULL;
sa_family_t af = pd->af;
u_short reason;
- struct pf_tag *pftag = NULL;
int tag = -1;
int asd = 0;
@@ -4021,7 +3998,7 @@ pf_test_fragment(struct pf_rule **rm, int direction, struct pfi_kif *kif,
r = TAILQ_NEXT(r, entries);
else if (r->prob && r->prob <= arc4random())
r = TAILQ_NEXT(r, entries);
- else if (r->match_tag && !pf_match_tag(m, r, &pftag, &tag))
+ else if (r->match_tag && !pf_match_tag(m, r, pd->pf_mtag, &tag))
r = TAILQ_NEXT(r, entries);
else {
if (r->anchor == NULL) {
@@ -4052,7 +4029,7 @@ pf_test_fragment(struct pf_rule **rm, int direction, struct pfi_kif *kif,
if (r->action != PF_PASS)
return (PF_DROP);
- if (pf_tag_packet(m, pftag, tag)) {
+ if (pf_tag_packet(m, pd->pf_mtag, tag)) {
REASON_SET(&reason, PFRES_MEMORY);
return (PF_DROP);
}
@@ -5355,7 +5332,7 @@ pf_rtlabel_match(struct pf_addr *addr, sa_family_t af, struct pf_addr_wrap *aw)
#ifdef INET
void
pf_route(struct mbuf **m, struct pf_rule *r, int dir, struct ifnet *oifp,
- struct pf_state *s)
+ struct pf_state *s, struct pf_pdesc *pd)
{
struct mbuf *m0, *m1;
struct m_tag *mtag;
@@ -5372,22 +5349,10 @@ pf_route(struct mbuf **m, struct pf_rule *r, int dir, struct ifnet *oifp,
(dir != PF_IN && dir != PF_OUT) || oifp == NULL)
panic("pf_route: invalid parameters");
- if ((mtag = m_tag_find(*m, PACKET_TAG_PF_ROUTED, NULL)) == NULL) {
- if ((mtag = m_tag_get(PACKET_TAG_PF_ROUTED, 1, M_NOWAIT)) ==
- NULL) {
- m0 = *m;
- *m = NULL;
- goto bad;
- }
- *(char *)(mtag + 1) = 1;
- m_tag_prepend(*m, mtag);
- } else {
- if (*(char *)(mtag + 1) > 3) {
- m0 = *m;
- *m = NULL;
- goto bad;
- }
- (*(char *)(mtag + 1))++;
+ if (pd->pf_mtag->routed++ > 3) {
+ m0 = *m;
+ *m = NULL;
+ goto bad;
}
if (r->rt == PF_DUPTO) {
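Review bot: `pd->pf_mtag->routed++` is reached without `pd` or `pd->pf_mtag` being covered by the parameter check that ends in `panic("pf_route: invalid parameters")` just above, so a caller passing a descriptor without a tag faults here instead of hitting the diagnostic. The counter is also kept on the tag of `*m`, while the `PF_DUPTO` branch that begins on the last line of the hunk works on a duplicate. Whether that duplicate inherits the `routed` count depends on the copy routine carrying tags over, which is not visible here and is worth confirming so the loop guard still covers duplicated packets. The same applies to the `pf_route6()` hunk.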
@@ -5559,10 +5524,9 @@ bad:
#ifdef INET6
void
pf_route6(struct mbuf **m, struct pf_rule *r, int dir, struct ifnet *oifp,
- struct pf_state *s)
+ struct pf_state *s, struct pf_pdesc *pd)
{
struct mbuf *m0;
- struct m_tag *mtag;
struct route_in6 ip6route;
struct route_in6 *ro;
struct sockaddr_in6 *dst;
@@ -5576,22 +5540,10 @@ pf_route6(struct mbuf **m, struct pf_rule *r, int dir, struct ifnet *oifp,
(dir != PF_IN && dir != PF_OUT) || oifp == NULL)
panic("pf_route6: invalid parameters");
- if ((mtag = m_tag_find(*m, PACKET_TAG_PF_ROUTED, NULL)) == NULL) {
- if ((mtag = m_tag_get(PACKET_TAG_PF_ROUTED, 1, M_NOWAIT)) ==
- NULL) {
- m0 = *m;
- *m = NULL;
- goto bad;
- }
- *(char *)(mtag + 1) = 1;
- m_tag_prepend(*m, mtag);
- } else {
- if (*(char *)(mtag + 1) > 3) {
- m0 = *m;
- *m = NULL;
- goto bad;
- }
- (*(char *)(mtag + 1))++;
+ if (pd->pf_mtag->routed++ > 3) {
+ m0 = *m;
+ *m = NULL;
+ goto bad;
}
if (r->rt == PF_DUPTO) {
@@ -5617,12 +5569,9 @@ pf_route6(struct mbuf **m, struct pf_rule *r, int dir, struct ifnet *oifp,
dst->sin6_len = sizeof(*dst);
dst->sin6_addr = ip6->ip6_dst;
- /* Cheat. */
+ /* Cheat. XXX why only in the v6 case??? */
if (r->rt == PF_FASTROUTE) {
- mtag = m_tag_get(PACKET_TAG_PF_GENERATED, 0, M_NOWAIT);
- if (mtag == NULL)
- goto bad;
- m_tag_prepend(m0, mtag);
+ pd->pf_mtag->flags |= PF_TAG_GENERATED;
ip6_output(m0, NULL, NULL, 0, NULL, NULL);
return;
}
@@ -5780,20 +5729,6 @@ pf_check_proto_cksum(struct mbuf *m, int off, int len, u_int8_t p,
return (0);
}
-static int
-pf_add_mbuf_tag(struct mbuf *m, u_int tag)
-{
- struct m_tag *mtag;
-
- if (m_tag_find(m, tag, NULL) != NULL)
- return (0);
- mtag = m_tag_get(tag, 0, M_NOWAIT);
- if (mtag == NULL)
- return (1);
- m_tag_prepend(m, mtag);
- return (0);
-}
-
#ifdef INET
int
pf_test(int dir, struct ifnet *ifp, struct mbuf **m0,
@@ -5809,8 +5744,16 @@ pf_test(int dir, struct ifnet *ifp, struct mbuf **m0,
struct pf_pdesc pd;
int off, dirndx, pqid = 0;
- if (!pf_status.running ||
- (m_tag_find(m, PACKET_TAG_PF_GENERATED, NULL) != NULL))
+ if (!pf_status.running)
+ return (PF_PASS);
+
+ memset(&pd, 0, sizeof(pd));
+ if ((pd.pf_mtag = pf_get_mtag(m)) == NULL) {
+ DPFPRINTF(PF_DEBUG_URGENT,
+ ("pf_test: pf_get_mtag returned NULL\n"));
+ return (PF_DROP);
+ }
+ if (pd.pf_mtag->flags & PF_TAG_GENERATED)
return (PF_PASS);
if (ifp->if_type == IFT_CARP && ifp->if_carpdev)
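Review bot: `pf_get_mtag(m)` now runs at the very top of `pf_test()`, ahead of the DIAGNOSTIC block that panics with "non-M_PKTHDR is passed to pf_test", so the tag list is touched before the mbuf is known to carry a packet header; moving the lookup below that check keeps the diagnostic meaningful. `pd.pf_mtag` is then cached for the rest of the function. If any later step replaces the mbuf behind `*m0` (normalization or reassembly would be the usual candidates, not visible in this hunk), the cached pointer would refer to the old packet's tag and should be refreshed with `pd.pf_mtag = pf_find_mtag(m);` after `m` is reloaded. Both points apply to `pf_test6()` as well.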
@@ -5830,7 +5773,6 @@ pf_test(int dir, struct ifnet *ifp, struct mbuf **m0,
panic("non-M_PKTHDR is passed to pf_test");
#endif /* DIAGNOSTIC */
- memset(&pd, 0, sizeof(pd));
if (m->m_pkthdr.len < (int)sizeof(*h)) {
action = PF_DROP;
REASON_SET(&reason, PFRES_SHORT);
@@ -6001,25 +5943,17 @@ done:
}
if (s && s->tag)
- pf_tag_packet(m, pf_get_tag(m), s->tag);
+ pf_tag_packet(m, pd.pf_mtag, s->tag);
#ifdef ALTQ
if (action == PF_PASS && r->qid) {
- struct m_tag *mtag;
- struct altq_tag *atag;
-
- mtag = m_tag_get(PACKET_TAG_PF_QID, sizeof(*atag), M_NOWAIT);
- if (mtag != NULL) {
- atag = (struct altq_tag *)(mtag + 1);
- if (pqid || pd.tos == IPTOS_LOWDELAY)
- atag->qid = r->pqid;
- else
- atag->qid = r->qid;
- /* add hints for ecn */
- atag->af = AF_INET;
- atag->hdr = h;
- m_tag_prepend(m, mtag);
- }
+ if (pqid || pd.tos == IPTOS_LOWDELAY)
+ pd.pf_mtag->qid = r->pqid;
+ else
+ pd.pf_mtag->qid = r->qid;
+ /* add hints for ecn */
+ pd.pf_mtag->af = AF_INET;
+ pd.pf_mtag->hdr = h;
}
#endif /* ALTQ */
@@ -6032,11 +5966,8 @@ done:
pd.proto == IPPROTO_UDP) && s != NULL && s->nat_rule.ptr != NULL &&
(s->nat_rule.ptr->action == PF_RDR ||
s->nat_rule.ptr->action == PF_BINAT) &&
- (ntohl(pd.dst->v4.s_addr) >> IN_CLASSA_NSHIFT) == IN_LOOPBACKNET &&
- pf_add_mbuf_tag(m, PACKET_TAG_PF_TRANSLATE_LOCALHOST)) {
- action = PF_DROP;
- REASON_SET(&reason, PFRES_MEMORY);
- }
+ (ntohl(pd.dst->v4.s_addr) >> IN_CLASSA_NSHIFT) == IN_LOOPBACKNET)
+ pd.pf_mtag->flags |= PF_TAG_TRANSLATE_LOCALHOST;
if (log) {
struct pf_rule *lr;
@@ -6121,7 +6052,7 @@ done:
action = PF_PASS;
} else if (r->rt)
/* pf_route can free the mbuf causing *m0 to become NULL */
- pf_route(m0, r, dir, ifp, s);
+ pf_route(m0, r, dir, ifp, s, &pd);
return (action);
}
@@ -6142,8 +6073,16 @@ pf_test6(int dir, struct ifnet *ifp, struct mbuf **m0,
struct pf_pdesc pd;
int off, terminal = 0, dirndx;
- if (!pf_status.running ||
- (m_tag_find(m, PACKET_TAG_PF_GENERATED, NULL) != NULL))
+ if (!pf_status.running)
+ return (PF_PASS);
+
+ memset(&pd, 0, sizeof(pd));
+ if ((pd.pf_mtag = pf_get_mtag(m)) == NULL) {
+ DPFPRINTF(PF_DEBUG_URGENT,
+ ("pf_test6: pf_get_mtag returned NULL\n"));
+ return (PF_DROP);
+ }
+ if (pd.pf_mtag->flags & PF_TAG_GENERATED)
return (PF_PASS);
if (ifp->if_type == IFT_CARP && ifp->if_carpdev)
@@ -6163,7 +6102,6 @@ pf_test6(int dir, struct ifnet *ifp, struct mbuf **m0,
panic("non-M_PKTHDR is passed to pf_test6");
#endif /* DIAGNOSTIC */
- memset(&pd, 0, sizeof(pd));
if (m->m_pkthdr.len < (int)sizeof(*h)) {
action = PF_DROP;
REASON_SET(&reason, PFRES_SHORT);
@@ -6351,25 +6289,17 @@ done:
/* XXX handle IPv6 options, if not allowed. not implemented. */
if (s && s->tag)
- pf_tag_packet(m, pf_get_tag(m), s->tag);
+ pf_tag_packet(m, pd.pf_mtag, s->tag);
#ifdef ALTQ
if (action == PF_PASS && r->qid) {
- struct m_tag *mtag;
- struct altq_tag *atag;
-
- mtag = m_tag_get(PACKET_TAG_PF_QID, sizeof(*atag), M_NOWAIT);
- if (mtag != NULL) {
- atag = (struct altq_tag *)(mtag + 1);
- if (pd.tos == IPTOS_LOWDELAY)
- atag->qid = r->pqid;
- else
- atag->qid = r->qid;
- /* add hints for ecn */
- atag->af = AF_INET6;
- atag->hdr = h;
- m_tag_prepend(m, mtag);
- }
+ if (pd.tos == IPTOS_LOWDELAY)
+ pd.pf_mtag->qid = r->pqid;
+ else
+ pd.pf_mtag->qid = r->qid;
+ /* add hints for ecn */
+ pd.pf_mtag->af = AF_INET6;
+ pd.pf_mtag->hdr = h;
}
#endif /* ALTQ */
@@ -6377,11 +6307,8 @@ done:
pd.proto == IPPROTO_UDP) && s != NULL && s->nat_rule.ptr != NULL &&
(s->nat_rule.ptr->action == PF_RDR ||
s->nat_rule.ptr->action == PF_BINAT) &&
- IN6_IS_ADDR_LOOPBACK(&pd.dst->v6) &&
- pf_add_mbuf_tag(m, PACKET_TAG_PF_TRANSLATE_LOCALHOST)) {
- action = PF_DROP;
- REASON_SET(&reason, PFRES_MEMORY);
- }
+ IN6_IS_ADDR_LOOPBACK(&pd.dst->v6))
+ pd.pf_mtag->flags |= PF_TAG_TRANSLATE_LOCALHOST;
if (log) {
struct pf_rule *lr;
@@ -6466,7 +6393,7 @@ done:
action = PF_PASS;
} else if (r->rt)
/* pf_route6 can free the mbuf causing *m0 to become NULL */
- pf_route6(m0, r, dir, ifp, s);
+ pf_route6(m0, r, dir, ifp, s, &pd);
return (action);
}
diff --git a/sys/net/pf_norm.c b/sys/net/pf_norm.c
index 26d0a99189d..4d1d77578bc 100644
--- a/sys/net/pf_norm.c
+++ b/sys/net/pf_norm.c
@@ -1,4 +1,4 @@
-/* $OpenBSD: pf_norm.c,v 1.102 2005/08/06 12:11:09 pascoe Exp $ */
+/* $OpenBSD: pf_norm.c,v 1.103 2005/10/17 08:43:35 henning Exp $ */
/*
* Copyright 2001 Niels Provos <provos@citi.umich.edu>
@@ -931,15 +931,13 @@ pf_normalize_ip(struct mbuf **m0, int dir, struct pfi_kif *kif, u_short *reason,
/* non-buffering fragment cache (drops or masks overlaps) */
int nomem = 0;
- if (dir == PF_OUT) {
- if (m_tag_find(m, PACKET_TAG_PF_FRAGCACHE, NULL) !=
- NULL) {
- /* Already passed the fragment cache in the
- * input direction. If we continued, it would
- * appear to be a dup and would be dropped.
- */
- goto fragment_pass;
- }
+ if (dir == PF_OUT && pd->pf_mtag->flags & PF_TAG_FRAGCACHE) {
+ /*
+ * Already passed the fragment cache in the
+ * input direction. If we continued, it would
+ * appear to be a dup and would be dropped.
+ */
+ goto fragment_pass;
}
frag = pf_find_fragment(h, &pf_cache_tree);
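Review bot: `dir == PF_OUT && pd->pf_mtag->flags & PF_TAG_FRAGCACHE` parses as intended only because `&` binds tighter than `&&`; writing `(pd->pf_mtag->flags & PF_TAG_FRAGCACHE)` avoids a compiler warning and a misreading. The function now also requires the caller to have set `pd->pf_mtag`, which the removed `m_tag_find(m, ...)` lookup did not; a one-line comment such as `/* caller must have set pd->pf_mtag */` would record that. The function continues outside the hunk.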
@@ -960,14 +958,9 @@ pf_normalize_ip(struct mbuf **m0, int dir, struct pfi_kif *kif, u_short *reason,
goto drop;
}
- if (dir == PF_IN) {
- struct m_tag *mtag;
+ if (dir == PF_IN)
+ pd->pf_mtag->flags |= PF_TAG_FRAGCACHE;
- mtag = m_tag_get(PACKET_TAG_PF_FRAGCACHE, 0, M_NOWAIT);
- if (mtag == NULL)
- goto no_mem;
- m_tag_prepend(m, mtag);
- }
if (frag != NULL && (frag->fr_flags & PFFRAG_DROP))
goto drop;
goto fragment_pass;
diff --git a/sys/net/pfvar.h b/sys/net/pfvar.h
index b458696b2d2..e6b78bee8d6 100644
--- a/sys/net/pfvar.h
+++ b/sys/net/pfvar.h
@@ -1,4 +1,4 @@
-/* $OpenBSD: pfvar.h,v 1.230 2005/09/28 01:46:33 pascoe Exp $ */
+/* $OpenBSD: pfvar.h,v 1.231 2005/10/17 08:43:35 henning Exp $ */
/*
* Copyright (c) 2001 Daniel Hartmeier
@@ -936,6 +936,7 @@ struct pf_pdesc {
struct pf_addr *dst;
struct ether_header
*eh;
+ struct pf_mtag *pf_mtag;
u_int16_t *ip_sum;
u_int32_t p_len; /* total length of payload */
u_int16_t flags; /* Let SCRUB trigger behavior in
@@ -1139,6 +1140,19 @@ struct pf_altq {
u_int32_t qid; /* return value */
};
+#define PF_TAG_GENERATED 0x01
+#define PF_TAG_FRAGCACHE 0x02
+#define PF_TAG_TRANSLATE_LOCALHOST 0x04
+
+struct pf_mtag {
+ void *hdr; /* saved hdr pos in mbuf, for ECN */
+ u_int32_t qid; /* queue id */
+ u_int16_t tag; /* tag id */
+ u_int8_t flags;
+ u_int8_t routed;
+ sa_family_t af; /* for ECN */
+};
+
struct pf_tag {
u_int16_t tag; /* tag id */
};
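Review bot: `flags` and `routed` are the only members of `struct pf_mtag` without a comment, yet they are the two that other subsystems now read directly (`t->routed` in the link-layer output paths, `t->flags` in tcp_input.c and udp_usrreq.c). Suggested: `u_int8_t flags; /* PF_TAG_* */` and `u_int8_t routed; /* pf_route()/pf_route6() passes, loop guard */`. Note also that `tag` is `u_int16_t` while `pf_tag_packet()` and `pf_match_tag()` carry it as `int`, and that `struct pf_tag` is left in place although the visible pf.c hunks no longer use it.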
@@ -1561,14 +1575,16 @@ int pfi_get_ifaces(const char *, struct pfi_kif *, int *);
int pfi_set_flags(const char *, int);
int pfi_clear_flags(const char *, int);
-u_int16_t pf_tagname2tag(char *);
-void pf_tag2tagname(u_int16_t, char *);
-void pf_tag_ref(u_int16_t);
-void pf_tag_unref(u_int16_t);
-int pf_tag_packet(struct mbuf *, struct pf_tag *, int);
-u_int32_t pf_qname2qid(char *);
-void pf_qid2qname(u_int32_t, char *);
-void pf_qid_unref(u_int32_t);
+u_int16_t pf_tagname2tag(char *);
+void pf_tag2tagname(u_int16_t, char *);
+void pf_tag_ref(u_int16_t);
+void pf_tag_unref(u_int16_t);
+int pf_tag_packet(struct mbuf *, struct pf_mtag *, int);
+u_int32_t pf_qname2qid(char *);
+void pf_qid2qname(u_int32_t, char *);
+void pf_qid_unref(u_int32_t);
+struct pf_mtag *pf_find_mtag(struct mbuf *);
+struct pf_mtag *pf_get_mtag(struct mbuf *);
extern struct pf_status pf_status;
extern struct pool pf_frent_pl, pf_frag_pl;
diff --git a/sys/netinet/ip_icmp.c b/sys/netinet/ip_icmp.c
index f82e5ab5fe7..69ffef86641 100644
--- a/sys/netinet/ip_icmp.c
+++ b/sys/netinet/ip_icmp.c
@@ -1,4 +1,4 @@
-/* $OpenBSD: ip_icmp.c,v 1.68 2005/07/31 03:30:55 pascoe Exp $ */
+/* $OpenBSD: ip_icmp.c,v 1.69 2005/10/17 08:43:34 henning Exp $ */
/* $NetBSD: ip_icmp.c,v 1.19 1996/02/13 23:42:22 christos Exp $ */
/*
@@ -134,8 +134,10 @@ icmp_do_error(struct mbuf *n, int type, int code, n_long dest, int destmtu)
unsigned oiplen = oip->ip_hl << 2;
struct icmp *icp;
struct mbuf *m;
- struct m_tag *mtag;
unsigned icmplen, mblen;
+#if NPF > 0
+ struct pf_mtag *mtag;
+#endif
#ifdef ICMPPRINTFS
if (icmpprintfs)
@@ -251,13 +253,14 @@ icmp_do_error(struct mbuf *n, int type, int code, n_long dest, int destmtu)
nip->ip_p = IPPROTO_ICMP;
nip->ip_src = oip->ip_src;
nip->ip_dst = oip->ip_dst;
- /* move PF_GENERATED m_tag to new packet, if it exists */
- mtag = m_tag_find(n, PACKET_TAG_PF_GENERATED, NULL);
- if (mtag != NULL) {
- m_tag_unlink(n, mtag);
- m_tag_prepend(m, mtag);
+#if NPF > 0
+ /* move PF_GENERATED to new packet, if existant XXX preserve more? */
+ if ((mtag = pf_find_mtag(n)) != NULL &&
+ mtag->flags & PF_TAG_GENERATED) {
+ mtag = pf_get_tag(m);
+ mtag->flags |= PF_TAG_GENERATED;
}
-
+#endif
m_freem(n);
return (m);
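Review bot: The added block calls `pf_get_tag(m)`, but this commit removes `pf_get_tag()` from pf.c and declares only `pf_find_mtag()` and `pf_get_mtag()` in pfvar.h, so as far as the diff shows this does not build when `NPF > 0`; the intended call appears to be `pf_get_mtag(m)`. Its result also needs a NULL check before `mtag->flags |= PF_TAG_GENERATED;`, because `pf_get_mtag()` allocates with M_NOWAIT and returns NULL on failure. Suggested: `if ((mtag = pf_get_mtag(m)) != NULL)` followed by `mtag->flags |= PF_TAG_GENERATED;`. The function starts outside the hunk.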
diff --git a/sys/netinet/tcp_input.c b/sys/netinet/tcp_input.c
index 71ff36cf3df..d95fd196561 100644
--- a/sys/netinet/tcp_input.c
+++ b/sys/netinet/tcp_input.c
@@ -1,4 +1,4 @@
-/* $OpenBSD: tcp_input.c,v 1.190 2005/08/11 11:39:36 markus Exp $ */
+/* $OpenBSD: tcp_input.c,v 1.191 2005/10/17 08:43:34 henning Exp $ */
/* $NetBSD: tcp_input.c,v 1.23 1996/02/13 23:43:44 christos Exp $ */
/*
@@ -604,19 +604,25 @@ findpcb:
break;
}
if (inp == 0) {
+ int inpl_flags = 0;
+#if NPF > 0
+ struct pf_mtag *t;
+
+ if ((t = pf_find_mtag(m)) != NULL &&
+ t->flags & PF_TAG_TRANSLATE_LOCALHOST)
+ inpl_flags = INPLOOKUP_WILDCARD;
+#endif
++tcpstat.tcps_pcbhashmiss;
switch (af) {
#ifdef INET6
case AF_INET6:
inp = in6_pcblookup_listen(&tcbtable,
- &ip6->ip6_dst, th->th_dport, m_tag_find(m,
- PACKET_TAG_PF_TRANSLATE_LOCALHOST, NULL) != NULL);
+ &ip6->ip6_dst, th->th_dport, inpl_flags);
break;
#endif /* INET6 */
case AF_INET:
inp = in_pcblookup_listen(&tcbtable,
- ip->ip_dst, th->th_dport, m_tag_find(m,
- PACKET_TAG_PF_TRANSLATE_LOCALHOST, NULL) != NULL);
+ ip->ip_dst, th->th_dport, inpl_flags);
break;
}
/*
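Review bot: The third argument of `in_pcblookup_listen()`/`in6_pcblookup_listen()` is filled from `inpl_flags = INPLOOKUP_WILDCARD` here but from `inpl_reverse = 1` in the udp_usrreq.c hunk, although both replace the same `m_tag_find(...) != NULL` expression; one name and one constant for both callers would make clear what the argument means. Because the flag changes which listeners a pf-translated packet can reach, a comment such as `/* pf rdr/binat to localhost: relax the listener lookup */` is worth adding, assuming that is the intent, which the hunk does not state. Parentheses around `t->flags & PF_TAG_TRANSLATE_LOCALHOST` would also help. The switch continues outside the hunk.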
diff --git a/sys/netinet/udp_usrreq.c b/sys/netinet/udp_usrreq.c
index 587ae62f5c3..46ff8c86d36 100644
--- a/sys/netinet/udp_usrreq.c
+++ b/sys/netinet/udp_usrreq.c
@@ -1,4 +1,4 @@
-/* $OpenBSD: udp_usrreq.c,v 1.104 2005/05/27 04:55:28 mcbride Exp $ */
+/* $OpenBSD: udp_usrreq.c,v 1.105 2005/10/17 08:43:34 henning Exp $ */
/* $NetBSD: udp_usrreq.c,v 1.28 1996/03/16 23:54:03 christos Exp $ */
/*
@@ -525,17 +525,23 @@ udp_input(struct mbuf *m, ...)
inp = in_pcbhashlookup(&udbtable, ip->ip_src, uh->uh_sport,
ip->ip_dst, uh->uh_dport);
if (inp == 0) {
+ int inpl_reverse = 0;
+#if NPF > 0
+ struct pf_mtag *t;
+
+ if ((t = pf_find_mtag(m)) != NULL &&
+ t->flags & PF_TAG_TRANSLATE_LOCALHOST)
+ inpl_reverse = 1;
+#endif
++udpstat.udps_pcbhashmiss;
#ifdef INET6
if (ip6) {
inp = in6_pcblookup_listen(&udbtable,
- &ip6->ip6_dst, uh->uh_dport, m_tag_find(m,
- PACKET_TAG_PF_TRANSLATE_LOCALHOST, NULL) != NULL);
+ &ip6->ip6_dst, uh->uh_dport, inpl_reverse);
} else
#endif /* INET6 */
inp = in_pcblookup_listen(&udbtable,
- ip->ip_dst, uh->uh_dport, m_tag_find(m,
- PACKET_TAG_PF_TRANSLATE_LOCALHOST, NULL) != NULL);
+ ip->ip_dst, uh->uh_dport, inpl_reverse);
if (inp == 0) {
udpstat.udps_noport++;
if (m->m_flags & (M_BCAST | M_MCAST)) {
diff --git a/sys/sys/mbuf.h b/sys/sys/mbuf.h
index 6255c749d90..1d5b2f13a81 100644
--- a/sys/sys/mbuf.h
+++ b/sys/sys/mbuf.h
@@ -1,4 +1,4 @@
-/* $OpenBSD: mbuf.h,v 1.82 2005/05/26 01:49:15 markus Exp $ */
+/* $OpenBSD: mbuf.h,v 1.83 2005/10/17 08:43:34 henning Exp $ */
/* $NetBSD: mbuf.h,v 1.19 1996/02/09 18:25:14 christos Exp $ */
/*
@@ -585,12 +585,7 @@ struct m_tag *m_tag_next(struct mbuf *, struct m_tag *);
#define PACKET_TAG_GIF 8 /* GIF processing done */
#define PACKET_TAG_GRE 9 /* GRE processing done */
#define PACKET_TAG_IN_PACKET_CHECKSUM 10 /* NIC checksumming done */
-#define PACKET_TAG_PF_GENERATED 11 /* PF generated, pass always */
-#define PACKET_TAG_PF_ROUTED 12 /* PF routed, no route loops */
-#define PACKET_TAG_PF_FRAGCACHE 13 /* PF fragment cached */
-#define PACKET_TAG_PF_QID 14 /* PF queue id */
-#define PACKET_TAG_PF_TAG 15 /* PF tags */
-#define PACKET_TAG_PF_TRANSLATE_LOCALHOST 16 /* translated to localhost */
+#define PACKET_TAG_PF 11 /* PF */
#define PACKET_TAG_DLT 17 /* data link layer type */
#ifdef MBTYPES