-rw-r--r--share/man/man4/divert.421
-rw-r--r--sys/netinet/in.h7
-rw-r--r--sys/netinet/in_pcb.h3
-rw-r--r--sys/netinet/ip_divert.c14
-rw-r--r--sys/netinet/raw_ip.c35
-rw-r--r--sys/netinet6/ip6_divert.c14
-rw-r--r--sys/netinet6/raw_ip6.c36
7 files changed, 10 insertions, 120 deletions
diff --git a/share/man/man4/divert.4 b/share/man/man4/divert.4
index bcbdba3ba5a..cf28c1a1e6b 100644
--- a/share/man/man4/divert.4
+++ b/share/man/man4/divert.4
@@ -1,4 +1,4 @@
-.\" $OpenBSD: divert.4,v 1.17 2017/08/25 16:11:01 bluhm Exp $
+.\" $OpenBSD: divert.4,v 1.18 2017/10/06 21:14:55 bluhm Exp $
.\"
.\" Copyright (c) 2009 Michele Marchetto <michele@openbsd.org>
.\" Copyright (c) 2012-2014 Lawrence Teo <lteo@openbsd.org>
@@ -15,7 +15,7 @@
.\" ACTION OF CONTRACT, NEGLIGENCE OR OTHER TORTIOUS ACTION, ARISING OUT OF
.\" OR IN CONNECTION WITH THE USE OR PERFORMANCE OF THIS SOFTWARE.
.\"
-.Dd $Mdocdate: August 25 2017 $
+.Dd $Mdocdate: October 6 2017 $
.Dt DIVERT 4
.Os
.Sh NAME
@@ -99,22 +99,6 @@ Receive and send divert socket buffer space can be tuned through
shows information relevant to divert sockets.
Note that the default is 64k and too short to handle full sized UDP
packets.
-.Pp
-The IP_DIVERTFL socket option on the IPPROTO_IP level controls
-whether both inbound and outbound packets are diverted (the default)
-or only packets travelling in one direction.
-It cannot be reset once set.
-Valid values are
-.Dv IPPROTO_DIVERT_INIT
-for the direction of the initial packet of a flow, and
-.Dv IPPROTO_DIVERT_RESP
-for the direction of the response packets.
-The direction is relative to the packet direction.
-So for pf out rules, it is the other way around.
-If one filter is active, it specifies which packets should not be
-diverted.
-Both directions can be combined as bit fields, but then the traffic
-is not filtered; not using the P_DIVERTFL option has the same effect.
.Sh EXAMPLES
The following PF rule queues outbound IPv4 packets to TCP port 80,
as well as the return traffic, on the em0 interface to divert port 700:
@@ -216,7 +200,6 @@ main(int argc, char *argv[])
}
.Ed
.Sh SEE ALSO
-.Xr setsockopt 2 ,
.Xr socket 2 ,
.Xr ip 4 ,
.Xr pf.conf 5
diff --git a/sys/netinet/in.h b/sys/netinet/in.h
index 68a3826459d..3bc34d8d7e7 100644
--- a/sys/netinet/in.h
+++ b/sys/netinet/in.h
@@ -1,4 +1,4 @@
-/* $OpenBSD: in.h,v 1.124 2017/08/11 19:53:02 bluhm Exp $ */
+/* $OpenBSD: in.h,v 1.125 2017/10/06 21:14:55 bluhm Exp $ */
/* $NetBSD: in.h,v 1.20 1996/02/13 23:41:47 christos Exp $ */
/*
@@ -317,11 +317,6 @@ struct ip_opts {
/* source address to use */
#define IP_RTABLE 0x1021 /* int; routing table, see SO_RTABLE */
-#define IP_DIVERTFL 0x1022 /* int; divert direction flag opt */
-
-/* Values used by IP_DIVERTFL socket option */
-#define IPPROTO_DIVERT_RESP 0x01 /* divert response packets */
-#define IPPROTO_DIVERT_INIT 0x02 /* divert packets initial direction */
#if __BSD_VISIBLE
/*
diff --git a/sys/netinet/in_pcb.h b/sys/netinet/in_pcb.h
index bbebfd52717..c8ad4c4ae2c 100644
--- a/sys/netinet/in_pcb.h
+++ b/sys/netinet/in_pcb.h
@@ -1,4 +1,4 @@
-/* $OpenBSD: in_pcb.h,v 1.104 2016/09/03 14:18:42 phessler Exp $ */
+/* $OpenBSD: in_pcb.h,v 1.105 2017/10/06 21:14:55 bluhm Exp $ */
/* $NetBSD: in_pcb.h,v 1.14 1996/02/13 23:42:00 christos Exp $ */
/*
@@ -143,7 +143,6 @@ struct inpcb {
struct pf_state_key *inp_pf_sk;
u_int inp_rtableid;
int inp_pipex; /* pipex indication */
- int inp_divertfl; /* divert flags */
};
LIST_HEAD(inpcbhead, inpcb);
diff --git a/sys/netinet/ip_divert.c b/sys/netinet/ip_divert.c
index a6b57213d81..42c355d123b 100644
--- a/sys/netinet/ip_divert.c
+++ b/sys/netinet/ip_divert.c
@@ -1,4 +1,4 @@
-/* $OpenBSD: ip_divert.c,v 1.52 2017/09/06 11:43:04 bluhm Exp $ */
+/* $OpenBSD: ip_divert.c,v 1.53 2017/10/06 21:14:55 bluhm Exp $ */
/*
* Copyright (c) 2009 Michele Marchetto <michele@openbsd.org>
@@ -186,18 +186,6 @@ divert_packet(struct mbuf *m, int dir, u_int16_t divert_port)
return (0);
}
- TAILQ_FOREACH(inp, &divbtable.inpt_queue, inp_queue) {
- if (inp->inp_lport != divert_port)
- continue;
- if (inp->inp_divertfl == 0)
- break;
- if (dir == PF_IN && !(inp->inp_divertfl & IPPROTO_DIVERT_RESP))
- return (-1);
- if (dir == PF_OUT && !(inp->inp_divertfl & IPPROTO_DIVERT_INIT))
- return (-1);
- break;
- }
-
memset(&addr, 0, sizeof(addr));
addr.sin_family = AF_INET;
addr.sin_len = sizeof(addr);
diff --git a/sys/netinet/raw_ip.c b/sys/netinet/raw_ip.c
index 19d89af6da9..3e4af999eea 100644
--- a/sys/netinet/raw_ip.c
+++ b/sys/netinet/raw_ip.c
@@ -1,4 +1,4 @@
-/* $OpenBSD: raw_ip.c,v 1.103 2017/09/05 07:59:11 mpi Exp $ */
+/* $OpenBSD: raw_ip.c,v 1.104 2017/10/06 21:14:55 bluhm Exp $ */
/* $NetBSD: raw_ip.c,v 1.25 1996/02/18 18:58:33 christos Exp $ */
/*
@@ -298,8 +298,7 @@ rip_ctloutput(int op, struct socket *so, int level, int optname,
struct mbuf *m)
{
struct inpcb *inp = sotoinpcb(so);
- int error = 0;
- int dir;
+ int error;
if (level != IPPROTO_IP)
return (EINVAL);
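Review bot: `error` loses its `= 0` initializer in rip_ctloutput() in this hunk, so every remaining path that reaches `return (error);` now has to assign it first. Only the declaration and the level check are visible here and the function body continues outside the hunk, so this cannot be confirmed from the shown lines. Because the value is the function's return code, a path that leaves it unassigned would return an indeterminate stack value instead of 0 or an errno. Either keep `int error = 0;` or check that each remaining `case` sets `error` before returning. The same initializer is dropped in rip6_ctloutput() in sys/netinet6/raw_ip6.c.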
@@ -321,36 +320,6 @@ rip_ctloutput(int op, struct socket *so, int level, int optname,
}
return (error);
- case IP_DIVERTFL:
- switch (op) {
- case PRCO_SETOPT:
- if (m == NULL || m->m_len < sizeof (int)) {
- error = EINVAL;
- break;
- }
- dir = *mtod(m, int *);
- if (inp->inp_divertfl > 0)
- error = ENOTSUP;
- else if ((dir & IPPROTO_DIVERT_RESP) ||
- (dir & IPPROTO_DIVERT_INIT))
- inp->inp_divertfl = dir;
- else
- error = EINVAL;
-
- break;
-
- case PRCO_GETOPT:
- m->m_len = sizeof(int);
- *mtod(m, int *) = inp->inp_divertfl;
- break;
-
- default:
- error = EINVAL;
- break;
- }
-
- return (error);
-
case MRT_INIT:
case MRT_DONE:
case MRT_ADD_VIF:
diff --git a/sys/netinet6/ip6_divert.c b/sys/netinet6/ip6_divert.c
index b3ccd4ac69a..dec7634da9d 100644
--- a/sys/netinet6/ip6_divert.c
+++ b/sys/netinet6/ip6_divert.c
@@ -1,4 +1,4 @@
-/* $OpenBSD: ip6_divert.c,v 1.51 2017/09/06 11:43:04 bluhm Exp $ */
+/* $OpenBSD: ip6_divert.c,v 1.52 2017/10/06 21:14:55 bluhm Exp $ */
/*
* Copyright (c) 2009 Michele Marchetto <michele@openbsd.org>
@@ -190,18 +190,6 @@ divert6_packet(struct mbuf *m, int dir, u_int16_t divert_port)
return (0);
}
- TAILQ_FOREACH(inp, &divb6table.inpt_queue, inp_queue) {
- if (inp->inp_lport != divert_port)
- continue;
- if (inp->inp_divertfl == 0)
- break;
- if (dir == PF_IN && !(inp->inp_divertfl & IPPROTO_DIVERT_RESP))
- return (-1);
- if (dir == PF_OUT && !(inp->inp_divertfl & IPPROTO_DIVERT_INIT))
- return (-1);
- break;
- }
-
memset(&addr, 0, sizeof(addr));
addr.sin6_family = AF_INET6;
addr.sin6_len = sizeof(addr);
diff --git a/sys/netinet6/raw_ip6.c b/sys/netinet6/raw_ip6.c
index d9777ba4674..875d6821b00 100644
--- a/sys/netinet6/raw_ip6.c
+++ b/sys/netinet6/raw_ip6.c
@@ -1,4 +1,4 @@
-/* $OpenBSD: raw_ip6.c,v 1.119 2017/09/05 07:59:11 mpi Exp $ */
+/* $OpenBSD: raw_ip6.c,v 1.120 2017/10/06 21:14:55 bluhm Exp $ */
/* $KAME: raw_ip6.c,v 1.69 2001/03/04 15:55:44 itojun Exp $ */
/*
@@ -490,43 +490,11 @@ int
rip6_ctloutput(int op, struct socket *so, int level, int optname,
struct mbuf *m)
{
- struct inpcb *inp = sotoinpcb(so);
- int error = 0;
- int dir;
+ int error;
switch (level) {
case IPPROTO_IPV6:
switch (optname) {
-
- case IP_DIVERTFL:
- switch (op) {
- case PRCO_SETOPT:
- if (m == NULL || m->m_len < sizeof(int)) {
- error = EINVAL;
- break;
- }
- dir = *mtod(m, int *);
- if (inp->inp_divertfl > 0)
- error = ENOTSUP;
- else if ((dir & IPPROTO_DIVERT_RESP) ||
- (dir & IPPROTO_DIVERT_INIT))
- inp->inp_divertfl = dir;
- else
- error = EINVAL;
- break;
-
- case PRCO_GETOPT:
- m->m_len = sizeof(int);
- *mtod(m, int *) = inp->inp_divertfl;
- break;
-
- default:
- error = EINVAL;
- break;
- }
-
- return (error);
-
#ifdef MROUTING
case MRT6_INIT:
case MRT6_DONE: