Diffstat (limited to 'sys')
-rw-r--r-- | sys/net/if_bridge.c | 7 | ||||
-rw-r--r-- | sys/net/pf.c | 71 | ||||
-rw-r--r-- | sys/net/pfvar.h | 4 | ||||
-rw-r--r-- | sys/netinet/ip_input.c | 10 | ||||
-rw-r--r-- | sys/netinet/ip_output.c | 30 |
5 files changed, 53 insertions, 69 deletions
diff --git a/sys/net/if_bridge.c b/sys/net/if_bridge.c index ea50f267f6b..5690b6c5e76 100644 --- a/sys/net/if_bridge.c +++ b/sys/net/if_bridge.c @@ -1,4 +1,4 @@ -/* $OpenBSD: if_bridge.c,v 1.66 2001/06/25 05:04:43 kjell Exp $ */ +/* $OpenBSD: if_bridge.c,v 1.67 2001/06/26 18:17:53 deraadt Exp $ */ /* * Copyright (c) 1999, 2000 Jason L. Wright (jason@thought.net) @@ -1880,7 +1880,6 @@ bridge_filter(sc, ifp, eh, m) struct llc llc; int hassnap = 0; struct ip *ip; - struct mbuf *m1; int hlen; if (eh->ether_type != htons(ETHERTYPE_IP)) { @@ -1948,10 +1947,8 @@ bridge_filter(sc, ifp, eh, m) } /* Finally, we get to filter the packet! */ - m1 = m; - if (pf_test(PF_IN, m->m_pkthdr.rcvif, &m1) != PF_PASS) + if (pf_test(PF_IN, m->m_pkthdr.rcvif, m) != PF_PASS) goto dropit; - m = m1; /* Rebuild the IP header */ if (m->m_len < hlen && ((m = m_pullup(m, hlen)) == NULL)) diff --git a/sys/net/pf.c b/sys/net/pf.c index cf556577fa0..b714244c30d 100644 --- a/sys/net/pf.c +++ b/sys/net/pf.c @@ -1,4 +1,4 @@ -/* $OpenBSD: pf.c,v 1.54 2001/06/26 17:45:57 provos Exp $ */ +/* $OpenBSD: pf.c,v 1.55 2001/06/26 18:17:53 deraadt Exp $ */ /* * Copyright (c) 2001, Daniel Hartmeier 
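Review bot: The `goto dropit` after `pf_test(PF_IN, m->m_pkthdr.rcvif, m)` in bridge_filter now depends on pf_test never freeing or replacing `m`, and nothing in the change states that contract. With the old `struct mbuf **` interface the callee could hand back a different chain; with a plain pointer, a free inside pf_test followed by the caller's cleanup would be a double free. The ownership rule deserves a comment at the prototype in pfvar.h, for example `/* pf_test() never frees or replaces m; the caller owns it on every verdict */`. The same assumption is behind `goto bad` in ipv4_input and `m_freem(m)` at both filter sites in ip_output.c. What `dropit` does with `m` is outside the hunk, so that part is inferred from the label name.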
@@ -148,21 +148,20 @@ int match_addr(u_int8_t, u_int32_t, u_int32_t, u_int32_t); int match_port(u_int8_t, u_int16_t, u_int16_t, u_int16_t); struct pf_nat *get_nat(struct ifnet *, u_int8_t, u_int32_t); struct pf_rdr *get_rdr(struct ifnet *, u_int8_t, u_int32_t, u_int16_t); -int pf_test_tcp(int, struct ifnet *, struct mbuf **, +int pf_test_tcp(int, struct ifnet *, struct mbuf *, int, int, struct ip *, struct tcphdr *); -int pf_test_udp(int, struct ifnet *, struct mbuf **, +int pf_test_udp(int, struct ifnet *, struct mbuf *, int, int, struct ip *, struct udphdr *); -int pf_test_icmp(int, struct ifnet *, struct mbuf **, +int pf_test_icmp(int, struct ifnet *, struct mbuf *, int, int, struct ip *, struct icmp *); -struct pf_state *pf_test_state_tcp(int, struct ifnet *, struct mbuf **, +struct pf_state *pf_test_state_tcp(int, struct ifnet *, struct mbuf *, int, int, struct ip *, struct tcphdr *); -struct pf_state *pf_test_state_udp(int, struct ifnet *, struct mbuf **, +struct pf_state *pf_test_state_udp(int, struct ifnet *, struct mbuf *, int, int, struct ip *, struct udphdr *); -struct pf_state *pf_test_state_icmp(int, struct ifnet *, struct mbuf **, +struct pf_state *pf_test_state_icmp(int, struct ifnet *, struct mbuf *, int, int, struct ip *, struct icmp *); -void *pull_hdr(struct ifnet *, struct mbuf **, int, int, void *, int, +void *pull_hdr(struct ifnet *, struct mbuf *, int, int, void *, int, struct ip *, int *); -int pf_test(int, struct ifnet *, struct mbuf **); int pflog_packet(struct mbuf *, int, u_short, u_short, u_short, struct pf_rule *); @@ -1218,7 +1217,7 @@ get_rdr(struct ifnet *ifp, u_int8_t proto, u_int32_t addr, u_int16_t port) } int -pf_test_tcp(int direction, struct ifnet *ifp, struct mbuf **m, +pf_test_tcp(int direction, struct ifnet *ifp, struct mbuf *m, int ipoff, int off, struct ip *h, struct tcphdr *th) { struct pf_nat *nat = NULL; 
@@ -1276,7 +1275,7 @@ pf_test_tcp(int direction, struct ifnet *ifp, struct mbuf **m, /* XXX will log packet before rewrite */ if ((rm != NULL) && rm->log) - PFLOG_PACKET(h, *m, AF_INET, direction, PFRES_MATCH, mnr, rm); + PFLOG_PACKET(h, m, AF_INET, direction, PFRES_MATCH, mnr, rm); if ((rm != NULL) && (rm->action == PF_DROP_RST)) { /* undo NAT/RST changes, if they have taken place */ @@ -1358,13 +1357,13 @@ pf_test_tcp(int direction, struct ifnet *ifp, struct mbuf **m, /* copy back packet headers if we performed NAT operations */ if (rewrite) - m_copyback((*m), off, sizeof(*th), (caddr_t)th); + m_copyback(m, off, sizeof(*th), (caddr_t)th); return (PF_PASS); } int -pf_test_udp(int direction, struct ifnet *ifp, struct mbuf **m, +pf_test_udp(int direction, struct ifnet *ifp, struct mbuf *m, int ipoff, int off, struct ip *h, struct udphdr *uh) { struct pf_nat *nat = NULL; @@ -1420,7 +1419,7 @@ pf_test_udp(int direction, struct ifnet *ifp, struct mbuf **m, /* XXX will log packet before rewrite */ if (rm != NULL && rm->log) - PFLOG_PACKET(h, *m, AF_INET, direction, PFRES_MATCH, mnr, rm); + PFLOG_PACKET(h, m, AF_INET, direction, PFRES_MATCH, mnr, rm); if (rm != NULL && rm->action != PF_PASS) return (PF_DROP); @@ -1482,13 +1481,13 @@ pf_test_udp(int direction, struct ifnet *ifp, struct mbuf **m, /* copy back packet headers if we performed NAT operations */ if (rewrite) - m_copyback((*m), off, sizeof(*uh), (caddr_t)uh); + m_copyback(m, off, sizeof(*uh), (caddr_t)uh); return (PF_PASS); } int -pf_test_icmp(int direction, struct ifnet *ifp, struct mbuf **m, +pf_test_icmp(int direction, struct ifnet *ifp, struct mbuf *m, int ipoff, int off, struct ip *h, struct icmp *ih) { struct pf_nat *nat = NULL; 
@@ -1528,7 +1527,7 @@ pf_test_icmp(int direction, struct ifnet *ifp, struct mbuf **m, /* XXX will log packet before rewrite */ if (rm != NULL && rm->log) - PFLOG_PACKET(h, *m, AF_INET, direction, PFRES_MATCH, mnr, rm); + PFLOG_PACKET(h, m, AF_INET, direction, PFRES_MATCH, mnr, rm); if (rm != NULL && rm->action != PF_PASS) return (PF_DROP); @@ -1579,13 +1578,13 @@ pf_test_icmp(int direction, struct ifnet *ifp, struct mbuf **m, /* copy back packet headers if we performed NAT operations */ if (rewrite) - m_copyback((*m), off, sizeof(*ih), (caddr_t)ih); + m_copyback(m, off, sizeof(*ih), (caddr_t)ih); return (PF_PASS); } struct pf_state * -pf_test_state_tcp(int direction, struct ifnet *ifp, struct mbuf **m, +pf_test_state_tcp(int direction, struct ifnet *ifp, struct mbuf *m, int ipoff, int off, struct ip *h, struct tcphdr *th) { struct pf_state *s; @@ -1732,7 +1731,7 @@ pf_test_state_tcp(int direction, struct ifnet *ifp, struct mbuf **m, /* copy back packet headers if we performed NAT operations */ if (rewrite) - m_copyback((*m), off, sizeof(*th), (caddr_t)th); + m_copyback(m, off, sizeof(*th), (caddr_t)th); return (s); } @@ -1740,7 +1739,7 @@ pf_test_state_tcp(int direction, struct ifnet *ifp, struct mbuf **m, } struct pf_state * -pf_test_state_udp(int direction, struct ifnet *ifp, struct mbuf **m, +pf_test_state_udp(int direction, struct ifnet *ifp, struct mbuf *m, int ipoff, int off, struct ip *h, struct udphdr *uh) { struct pf_state *s; @@ -1798,7 +1797,7 @@ pf_test_state_udp(int direction, struct ifnet *ifp, struct mbuf **m, /* copy back packet headers if we performed NAT operations */ if (rewrite) - m_copyback((*m), off, sizeof(*uh), (caddr_t)uh); + m_copyback(m, off, sizeof(*uh), (caddr_t)uh); return (s); } 
@@ -1806,7 +1805,7 @@ pf_test_state_udp(int direction, struct ifnet *ifp, struct mbuf **m, } struct pf_state * -pf_test_state_icmp(int direction, struct ifnet *ifp, struct mbuf **m, +pf_test_state_icmp(int direction, struct ifnet *ifp, struct mbuf *m, int ipoff, int off, struct ip *h, struct icmp *ih) { u_int16_t len = h->ip_len - off - sizeof(*ih); @@ -1948,10 +1947,10 @@ pf_test_state_icmp(int direction, struct ifnet *ifp, struct mbuf **m, * operations */ if (rewrite) { - m_copyback((*m), off, sizeof(*ih), (caddr_t)ih); - m_copyback((*m), ipoff2, sizeof(h2), + m_copyback(m, off, sizeof(*ih), (caddr_t)ih); + m_copyback(m, ipoff2, sizeof(h2), (caddr_t)&h2); - m_copyback((*m), off2, sizeof(th), + m_copyback(m, off2, sizeof(th), (caddr_t)&th); } @@ -2003,10 +2002,10 @@ pf_test_state_icmp(int direction, struct ifnet *ifp, struct mbuf **m, * operations */ if (rewrite) { - m_copyback((*m), off, sizeof(*ih), (caddr_t)ih); - m_copyback((*m), ipoff2, sizeof(h2), + m_copyback(m, off, sizeof(*ih), (caddr_t)ih); + m_copyback(m, ipoff2, sizeof(h2), (caddr_t)&h2); - m_copyback((*m), off2, sizeof(uh), + m_copyback(m, off2, sizeof(uh), (caddr_t)&uh); } @@ -2027,7 +2026,7 @@ pf_test_state_icmp(int direction, struct ifnet *ifp, struct mbuf **m, * h must be at "ipoff" on the mbuf chain. */ void * -pull_hdr(struct ifnet *ifp, struct mbuf **m, int ipoff, int off, void *p, +pull_hdr(struct ifnet *ifp, struct mbuf *m, int ipoff, int off, void *p, int len, struct ip *h, int *action) { u_int16_t fragoff = (h->ip_off & IP_OFFMASK) << 3; 
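Review bot: In pf_test_state_icmp, `m_copyback(m, off2, sizeof(th), (caddr_t)&th)` writes a full TCP header back into the packet quoted inside the ICMP error, and the length that was read into `th` is not visible in this hunk. An ICMP error is only required to quote the first 8 bytes of the original transport header, so if the earlier read was shorter than `sizeof(th)`, the copy-back could put uninitialised stack bytes into the packet or write past the quoted data. It is worth confirming that the read of `th` uses the same length and recording that beside the copy-back, e.g. `/* th was pulled with len == sizeof(th) above */`. The UDP branch in the next hunk (`sizeof(uh)`) depends on its earlier read in the same way. The function body starts and ends outside both hunks.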
@@ -2048,18 +2047,18 @@ pull_hdr(struct ifnet *ifp, struct mbuf **m, int ipoff, int off, void *p, } return (NULL); } - if ((*m)->m_pkthdr.len < off + len || ipoff + h->ip_len < off + len) { + if (m->m_pkthdr.len < off + len || ipoff + h->ip_len < off + len) { *action = PF_DROP; printf("pf: dropping short packet"); print_ip(ifp, h); return (NULL); } - m_copydata((*m), off, len, p); + m_copydata(m, off, len, p); return p; } int -pf_test(int direction, struct ifnet *ifp, struct mbuf **m) +pf_test(int direction, struct ifnet *ifp, struct mbuf *m) { int action; struct ip *h; @@ -2069,7 +2068,7 @@ pf_test(int direction, struct ifnet *ifp, struct mbuf **m) return (PF_PASS); #ifdef DIAGNOSTIC - if (((*m)->m_flags & M_PKTHDR) == 0) + if ((m->m_flags & M_PKTHDR) == 0) panic("non-M_PKTHDR is passed to pf_test"); #endif @@ -2080,12 +2079,12 @@ pf_test(int direction, struct ifnet *ifp, struct mbuf **m) pf_last_purge = pftv.tv_sec; } - if ((*m)->m_pkthdr.len < sizeof(*h)) { + if (m->m_pkthdr.len < sizeof(*h)) { printf("pf: ip header too short\n"); action = PF_DROP; goto done; } - h = mtod(*m, struct ip *); + h = mtod(m, struct ip *); off = h->ip_hl << 2; diff --git a/sys/net/pfvar.h b/sys/net/pfvar.h index 7fe4d629a17..f0ca3500c1e 100644 --- a/sys/net/pfvar.h +++ b/sys/net/pfvar.h @@ -1,4 +1,4 @@ -/* $OpenBSD: pfvar.h,v 1.14 2001/06/26 15:33:01 provos Exp $ */ +/* $OpenBSD: pfvar.h,v 1.15 2001/06/26 18:17:53 deraadt Exp $ */ /* * Copyright (c) 2001, Daniel Hartmeier @@ -192,7 +192,7 @@ struct pfioc_if { #ifdef _KERNEL -int pf_test(int, struct ifnet *, struct mbuf **); +int pf_test(int, struct ifnet *, struct mbuf *); #endif /* _KERNEL */ diff --git a/sys/netinet/ip_input.c b/sys/netinet/ip_input.c index d915dbadec8..c57dba67acc 100644 --- a/sys/netinet/ip_input.c +++ b/sys/netinet/ip_input.c 
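Review bot: The short-packet branch in pull_hdr calls `printf("pf: dropping short packet")` for every offending packet, so a remote sender controls how much console and log output the kernel produces. The `printf("pf: ip header too short\n")` in pf_test, two hunks further down, has the same property. Until these are counted or rate-limited, it is worth marking the spot with `/* XXX per-packet printf is remotely triggerable; count or rate-limit instead */`. pull_hdr begins outside the hunk.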
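Review bot: The guard `m->m_pkthdr.len < sizeof(*h)` in pf_test checks the length of the whole packet, while `mtod(m, struct ip *)` and `h->ip_hl` read only from the first mbuf. A chain whose first mbuf is shorter than an IP header would therefore be read out of bounds. Now that pf_test takes `struct mbuf *` it cannot pull the header up and return a new chain head, so it must either rely on its callers or reject the packet itself: `if (m->m_pkthdr.len < sizeof(*h) || m->m_len < sizeof(*h)) {`. If the callers are meant to guarantee a contiguous header, state that in a comment above pf_test. Whether `ip_hl` is range-checked before `off` is used lies outside the hunk.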
@@ -1,4 +1,4 @@ -/* $OpenBSD: ip_input.c,v 1.86 2001/06/25 08:05:24 art Exp $ */ +/* $OpenBSD: ip_input.c,v 1.87 2001/06/26 18:17:54 deraadt Exp $ */ /* $NetBSD: ip_input.c,v 1.30 1996/03/16 23:53:58 christos Exp $ */ /* @@ -386,12 +386,8 @@ ipv4_input(m) * Packet filter */ #if NPF > 0 - { - struct mbuf *m1 = m; - if (pf_test(PF_IN, m->m_pkthdr.rcvif, &m1) != PF_PASS) - goto bad; - ip = mtod(m = m1, struct ip *); - } + if (pf_test(PF_IN, m->m_pkthdr.rcvif, m) != PF_PASS) + goto bad; #endif /* * Process options and, if not destined for us, diff --git a/sys/netinet/ip_output.c b/sys/netinet/ip_output.c index daef0dfeb88..77b3ff88c54 100644 --- a/sys/netinet/ip_output.c +++ b/sys/netinet/ip_output.c @@ -1,4 +1,4 @@ -/* $OpenBSD: ip_output.c,v 1.126 2001/06/25 17:16:23 angelos Exp $ */ +/* $OpenBSD: ip_output.c,v 1.127 2001/06/26 18:17:54 deraadt Exp $ */ /* $NetBSD: ip_output.c,v 1.28 1996/02/13 23:43:07 christos Exp $ */ /* @@ -589,17 +589,13 @@ sendit: * Packet filter */ #if NPF > 0 - { - struct mbuf *m1 = m; - if (pf_test(PF_OUT, &encif[0].sc_if, &m1) != PF_PASS) { - error = EHOSTUNREACH; - splx(s); - m_freem(m1); - goto done; - } - ip = mtod(m = m1, struct ip *); - hlen = ip->ip_hl << 2; + if (pf_test(PF_OUT, &encif[0].sc_if, m) != PF_PASS) { + error = EHOSTUNREACH; + splx(s); + m_freem(m); + goto done; } + hlen = ip->ip_hl << 2; #endif tdb = gettdb(sspi, &sdst, sproto); @@ -678,14 +674,10 @@ sendit: * Packet filter */ #if NPF > 0 - { - struct mbuf *m1 = m; - if (pf_test(PF_OUT, ifp, &m1) != PF_PASS) { - error = EHOSTUNREACH; - m_freem(m1); - goto done; - } - ip = mtod(m = m1, struct ip *); + if (pf_test(PF_OUT, ifp, m) != PF_PASS) { + error = EHOSTUNREACH; + m_freem(m); + goto done; } #endif /* Catch routing changes wrt. hardware checksumming for TCP or UDP. */ |
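Review bot: `hlen = ip->ip_hl << 2;` survives the removal of the `m1` block at the first ip_output.c filter site, but `ip` is no longer reloaded there, so the statement recomputes the value from the same header pointer. The second filter site (`pf_test(PF_OUT, ifp, m)`) has no such line, which leaves the two sites inconsistent. Either drop the line or keep it with a comment that explains why, e.g. `/* header may have been rewritten in place by pf */`. The earlier assignment of `hlen` is outside the hunk, so the redundancy is inferred.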