diff options
Diffstat (limited to 'sys')
-rw-r--r-- | sys/net/pf.c | 18 | ||||
-rw-r--r-- | sys/net/pfvar.h | 4 | ||||
-rw-r--r-- | sys/netinet/ipsec_input.c | 5 | ||||
-rw-r--r-- | sys/netinet/ipsec_output.c | 5 |
4 files changed, 10 insertions, 22 deletions
diff --git a/sys/net/pf.c b/sys/net/pf.c index 1a8786c3557..df9b3048427 100644 --- a/sys/net/pf.c +++ b/sys/net/pf.c @@ -1,4 +1,4 @@ -/* $OpenBSD: pf.c,v 1.727 2011/02/23 15:46:14 mikeb Exp $ */ +/* $OpenBSD: pf.c,v 1.728 2011/03/05 01:53:16 bluhm Exp $ */ /* * Copyright (c) 2001 Daniel Hartmeier @@ -2293,17 +2293,13 @@ pf_match_rcvif(struct mbuf *m, struct pf_rule *r) return (pfi_kif_match(r->rcv_kif, kif)); } -int +void pf_tag_packet(struct mbuf *m, int tag, int rtableid) { - if (tag <= 0 && rtableid < 0) - return (0); if (tag > 0) m->m_pkthdr.pf.tag = tag; if (rtableid >= 0) m->m_pkthdr.rdomain = rtableid; - - return (0); } void @@ -2988,10 +2984,7 @@ pf_test_rule(struct pf_rule **rm, struct pf_state **sm, int direction, if (r->action == PF_DROP) goto cleanup; - if (pf_tag_packet(m, tag, act.rtableid)) { - REASON_SET(&reason, PFRES_MEMORY); - goto cleanup; - } + pf_tag_packet(m, tag, act.rtableid); if (act.rtableid >= 0 && rtable_l2(act.rtableid) != pd->rdomain) pd->destchg = 1; @@ -3465,10 +3458,7 @@ pf_test_fragment(struct pf_rule **rm, int direction, struct pfi_kif *kif, if (r->action == PF_DROP) return (PF_DROP); - if (pf_tag_packet(m, tag, -1)) { - REASON_SET(&reason, PFRES_MEMORY); - return (PF_DROP); - } + pf_tag_packet(m, tag, -1); return (PF_PASS); } diff --git a/sys/net/pfvar.h b/sys/net/pfvar.h index 6266f89f51a..f1d852b70ec 100644 --- a/sys/net/pfvar.h +++ b/sys/net/pfvar.h @@ -1,4 +1,4 @@ -/* $OpenBSD: pfvar.h,v 1.320 2011/01/11 13:35:58 mcbride Exp $ */ +/* $OpenBSD: pfvar.h,v 1.321 2011/03/05 01:53:16 bluhm Exp $ */ /* * Copyright (c) 2001 Daniel Hartmeier @@ -1867,7 +1867,7 @@ u_int16_t pf_tagname2tag(char *); void pf_tag2tagname(u_int16_t, char *); void pf_tag_ref(u_int16_t); void pf_tag_unref(u_int16_t); -int pf_tag_packet(struct mbuf *, int, int); +void pf_tag_packet(struct mbuf *, int, int); u_int32_t pf_qname2qid(char *); void pf_qid2qname(u_int32_t, char *); void pf_qid_unref(u_int32_t); diff --git a/sys/netinet/ipsec_input.c b/sys/netinet/ipsec_input.c index 1c565a10040..54cb2484778 100644 --- a/sys/netinet/ipsec_input.c +++ b/sys/netinet/ipsec_input.c @@ -1,4 +1,4 @@ -/* $OpenBSD: ipsec_input.c,v 1.99 2010/12/21 19:16:15 markus Exp $ */ +/* $OpenBSD: ipsec_input.c,v 1.100 2011/03/05 01:53:16 bluhm Exp $ */ /* * The authors of this code are John Ioannidis (ji@tla.org), * Angelos D. Keromytis (kermit@csd.uch.gr) and @@ -574,8 +574,7 @@ ipsec_common_input_cb(struct mbuf *m, struct tdb *tdbp, int skip, int protoff, #if NPF > 0 /* Add pf tag if requested. */ - if (pf_tag_packet(m, tdbp->tdb_tag, -1)) - DPRINTF(("failed to tag ipsec packet\n")); + pf_tag_packet(m, tdbp->tdb_tag, -1); pf_pkt_addr_changed(m); #endif diff --git a/sys/netinet/ipsec_output.c b/sys/netinet/ipsec_output.c index 13601532e09..530b17336b4 100644 --- a/sys/netinet/ipsec_output.c +++ b/sys/netinet/ipsec_output.c @@ -1,4 +1,4 @@ -/* $OpenBSD: ipsec_output.c,v 1.43 2010/07/09 16:58:06 reyk Exp $ */ +/* $OpenBSD: ipsec_output.c,v 1.44 2011/03/05 01:53:16 bluhm Exp $ */ /* * The author of this code is Angelos D. Keromytis (angelos@cis.upenn.edu) * @@ -501,8 +501,7 @@ ipsp_process_done(struct mbuf *m, struct tdb *tdb) #if NPF > 0 /* Add pf tag if requested. */ - if (pf_tag_packet(m, tdb->tdb_tag, -1)) - DPRINTF(("failed to tag ipsec packet\n")); + pf_tag_packet(m, tdb->tdb_tag, -1); pf_pkt_addr_changed(m); #endif |