Diffstat (limited to 'sys')
-rw-r--r--sys/net/if_bridge.c7
-rw-r--r--sys/net/pf.c71
-rw-r--r--sys/net/pfvar.h4
-rw-r--r--sys/netinet/ip_input.c10
-rw-r--r--sys/netinet/ip_output.c30
5 files changed, 53 insertions, 69 deletions
diff --git a/sys/net/if_bridge.c b/sys/net/if_bridge.c
index ea50f267f6b..5690b6c5e76 100644
--- a/sys/net/if_bridge.c
+++ b/sys/net/if_bridge.c
@@ -1,4 +1,4 @@
-/* $OpenBSD: if_bridge.c,v 1.66 2001/06/25 05:04:43 kjell Exp $ */
+/* $OpenBSD: if_bridge.c,v 1.67 2001/06/26 18:17:53 deraadt Exp $ */
/*
* Copyright (c) 1999, 2000 Jason L. Wright (jason@thought.net)
@@ -1880,7 +1880,6 @@ bridge_filter(sc, ifp, eh, m)
struct llc llc;
int hassnap = 0;
struct ip *ip;
- struct mbuf *m1;
int hlen;
if (eh->ether_type != htons(ETHERTYPE_IP)) {
@@ -1948,10 +1947,8 @@ bridge_filter(sc, ifp, eh, m)
}
/* Finally, we get to filter the packet! */
- m1 = m;
- if (pf_test(PF_IN, m->m_pkthdr.rcvif, &m1) != PF_PASS)
+ if (pf_test(PF_IN, m->m_pkthdr.rcvif, m) != PF_PASS)
goto dropit;
- m = m1;
/* Rebuild the IP header */
if (m->m_len < hlen && ((m = m_pullup(m, hlen)) == NULL))
diff --git a/sys/net/pf.c b/sys/net/pf.c
index cf556577fa0..b714244c30d 100644
--- a/sys/net/pf.c
+++ b/sys/net/pf.c
@@ -1,4 +1,4 @@
-/* $OpenBSD: pf.c,v 1.54 2001/06/26 17:45:57 provos Exp $ */
+/* $OpenBSD: pf.c,v 1.55 2001/06/26 18:17:53 deraadt Exp $ */
/*
* Copyright (c) 2001, Daniel Hartmeier
@@ -148,21 +148,20 @@ int match_addr(u_int8_t, u_int32_t, u_int32_t, u_int32_t);
int match_port(u_int8_t, u_int16_t, u_int16_t, u_int16_t);
struct pf_nat *get_nat(struct ifnet *, u_int8_t, u_int32_t);
struct pf_rdr *get_rdr(struct ifnet *, u_int8_t, u_int32_t, u_int16_t);
-int pf_test_tcp(int, struct ifnet *, struct mbuf **,
+int pf_test_tcp(int, struct ifnet *, struct mbuf *,
int, int, struct ip *, struct tcphdr *);
-int pf_test_udp(int, struct ifnet *, struct mbuf **,
+int pf_test_udp(int, struct ifnet *, struct mbuf *,
int, int, struct ip *, struct udphdr *);
-int pf_test_icmp(int, struct ifnet *, struct mbuf **,
+int pf_test_icmp(int, struct ifnet *, struct mbuf *,
int, int, struct ip *, struct icmp *);
-struct pf_state *pf_test_state_tcp(int, struct ifnet *, struct mbuf **,
+struct pf_state *pf_test_state_tcp(int, struct ifnet *, struct mbuf *,
int, int, struct ip *, struct tcphdr *);
-struct pf_state *pf_test_state_udp(int, struct ifnet *, struct mbuf **,
+struct pf_state *pf_test_state_udp(int, struct ifnet *, struct mbuf *,
int, int, struct ip *, struct udphdr *);
-struct pf_state *pf_test_state_icmp(int, struct ifnet *, struct mbuf **,
+struct pf_state *pf_test_state_icmp(int, struct ifnet *, struct mbuf *,
int, int, struct ip *, struct icmp *);
-void *pull_hdr(struct ifnet *, struct mbuf **, int, int, void *, int,
+void *pull_hdr(struct ifnet *, struct mbuf *, int, int, void *, int,
struct ip *, int *);
-int pf_test(int, struct ifnet *, struct mbuf **);
int pflog_packet(struct mbuf *, int, u_short, u_short, u_short,
struct pf_rule *);
@@ -1218,7 +1217,7 @@ get_rdr(struct ifnet *ifp, u_int8_t proto, u_int32_t addr, u_int16_t port)
}
int
-pf_test_tcp(int direction, struct ifnet *ifp, struct mbuf **m,
+pf_test_tcp(int direction, struct ifnet *ifp, struct mbuf *m,
int ipoff, int off, struct ip *h, struct tcphdr *th)
{
struct pf_nat *nat = NULL;
@@ -1276,7 +1275,7 @@ pf_test_tcp(int direction, struct ifnet *ifp, struct mbuf **m,
/* XXX will log packet before rewrite */
if ((rm != NULL) && rm->log)
- PFLOG_PACKET(h, *m, AF_INET, direction, PFRES_MATCH, mnr, rm);
+ PFLOG_PACKET(h, m, AF_INET, direction, PFRES_MATCH, mnr, rm);
if ((rm != NULL) && (rm->action == PF_DROP_RST)) {
/* undo NAT/RST changes, if they have taken place */
@@ -1358,13 +1357,13 @@ pf_test_tcp(int direction, struct ifnet *ifp, struct mbuf **m,
/* copy back packet headers if we performed NAT operations */
if (rewrite)
- m_copyback((*m), off, sizeof(*th), (caddr_t)th);
+ m_copyback(m, off, sizeof(*th), (caddr_t)th);
return (PF_PASS);
}
int
-pf_test_udp(int direction, struct ifnet *ifp, struct mbuf **m,
+pf_test_udp(int direction, struct ifnet *ifp, struct mbuf *m,
int ipoff, int off, struct ip *h, struct udphdr *uh)
{
struct pf_nat *nat = NULL;
@@ -1420,7 +1419,7 @@ pf_test_udp(int direction, struct ifnet *ifp, struct mbuf **m,
/* XXX will log packet before rewrite */
if (rm != NULL && rm->log)
- PFLOG_PACKET(h, *m, AF_INET, direction, PFRES_MATCH, mnr, rm);
+ PFLOG_PACKET(h, m, AF_INET, direction, PFRES_MATCH, mnr, rm);
if (rm != NULL && rm->action != PF_PASS)
return (PF_DROP);
@@ -1482,13 +1481,13 @@ pf_test_udp(int direction, struct ifnet *ifp, struct mbuf **m,
/* copy back packet headers if we performed NAT operations */
if (rewrite)
- m_copyback((*m), off, sizeof(*uh), (caddr_t)uh);
+ m_copyback(m, off, sizeof(*uh), (caddr_t)uh);
return (PF_PASS);
}
int
-pf_test_icmp(int direction, struct ifnet *ifp, struct mbuf **m,
+pf_test_icmp(int direction, struct ifnet *ifp, struct mbuf *m,
int ipoff, int off, struct ip *h, struct icmp *ih)
{
struct pf_nat *nat = NULL;
@@ -1528,7 +1527,7 @@ pf_test_icmp(int direction, struct ifnet *ifp, struct mbuf **m,
/* XXX will log packet before rewrite */
if (rm != NULL && rm->log)
- PFLOG_PACKET(h, *m, AF_INET, direction, PFRES_MATCH, mnr, rm);
+ PFLOG_PACKET(h, m, AF_INET, direction, PFRES_MATCH, mnr, rm);
if (rm != NULL && rm->action != PF_PASS)
return (PF_DROP);
@@ -1579,13 +1578,13 @@ pf_test_icmp(int direction, struct ifnet *ifp, struct mbuf **m,
/* copy back packet headers if we performed NAT operations */
if (rewrite)
- m_copyback((*m), off, sizeof(*ih), (caddr_t)ih);
+ m_copyback(m, off, sizeof(*ih), (caddr_t)ih);
return (PF_PASS);
}
struct pf_state *
-pf_test_state_tcp(int direction, struct ifnet *ifp, struct mbuf **m,
+pf_test_state_tcp(int direction, struct ifnet *ifp, struct mbuf *m,
int ipoff, int off, struct ip *h, struct tcphdr *th)
{
struct pf_state *s;
@@ -1732,7 +1731,7 @@ pf_test_state_tcp(int direction, struct ifnet *ifp, struct mbuf **m,
/* copy back packet headers if we performed NAT operations */
if (rewrite)
- m_copyback((*m), off, sizeof(*th), (caddr_t)th);
+ m_copyback(m, off, sizeof(*th), (caddr_t)th);
return (s);
}
@@ -1740,7 +1739,7 @@ pf_test_state_tcp(int direction, struct ifnet *ifp, struct mbuf **m,
}
struct pf_state *
-pf_test_state_udp(int direction, struct ifnet *ifp, struct mbuf **m,
+pf_test_state_udp(int direction, struct ifnet *ifp, struct mbuf *m,
int ipoff, int off, struct ip *h, struct udphdr *uh)
{
struct pf_state *s;
@@ -1798,7 +1797,7 @@ pf_test_state_udp(int direction, struct ifnet *ifp, struct mbuf **m,
/* copy back packet headers if we performed NAT operations */
if (rewrite)
- m_copyback((*m), off, sizeof(*uh), (caddr_t)uh);
+ m_copyback(m, off, sizeof(*uh), (caddr_t)uh);
return (s);
}
@@ -1806,7 +1805,7 @@ pf_test_state_udp(int direction, struct ifnet *ifp, struct mbuf **m,
}
struct pf_state *
-pf_test_state_icmp(int direction, struct ifnet *ifp, struct mbuf **m,
+pf_test_state_icmp(int direction, struct ifnet *ifp, struct mbuf *m,
int ipoff, int off, struct ip *h, struct icmp *ih)
{
u_int16_t len = h->ip_len - off - sizeof(*ih);
@@ -1948,10 +1947,10 @@ pf_test_state_icmp(int direction, struct ifnet *ifp, struct mbuf **m,
* operations
*/
if (rewrite) {
- m_copyback((*m), off, sizeof(*ih), (caddr_t)ih);
- m_copyback((*m), ipoff2, sizeof(h2),
+ m_copyback(m, off, sizeof(*ih), (caddr_t)ih);
+ m_copyback(m, ipoff2, sizeof(h2),
(caddr_t)&h2);
- m_copyback((*m), off2, sizeof(th),
+ m_copyback(m, off2, sizeof(th),
(caddr_t)&th);
}
@@ -2003,10 +2002,10 @@ pf_test_state_icmp(int direction, struct ifnet *ifp, struct mbuf **m,
* operations
*/
if (rewrite) {
- m_copyback((*m), off, sizeof(*ih), (caddr_t)ih);
- m_copyback((*m), ipoff2, sizeof(h2),
+ m_copyback(m, off, sizeof(*ih), (caddr_t)ih);
+ m_copyback(m, ipoff2, sizeof(h2),
(caddr_t)&h2);
- m_copyback((*m), off2, sizeof(uh),
+ m_copyback(m, off2, sizeof(uh),
(caddr_t)&uh);
}
@@ -2027,7 +2026,7 @@ pf_test_state_icmp(int direction, struct ifnet *ifp, struct mbuf **m,
* h must be at "ipoff" on the mbuf chain.
*/
void *
-pull_hdr(struct ifnet *ifp, struct mbuf **m, int ipoff, int off, void *p,
+pull_hdr(struct ifnet *ifp, struct mbuf *m, int ipoff, int off, void *p,
int len, struct ip *h, int *action)
{
u_int16_t fragoff = (h->ip_off & IP_OFFMASK) << 3;
@@ -2048,18 +2047,18 @@ pull_hdr(struct ifnet *ifp, struct mbuf **m, int ipoff, int off, void *p,
}
return (NULL);
}
- if ((*m)->m_pkthdr.len < off + len || ipoff + h->ip_len < off + len) {
+ if (m->m_pkthdr.len < off + len || ipoff + h->ip_len < off + len) {
*action = PF_DROP;
printf("pf: dropping short packet");
print_ip(ifp, h);
return (NULL);
}
- m_copydata((*m), off, len, p);
+ m_copydata(m, off, len, p);
return p;
}
int
-pf_test(int direction, struct ifnet *ifp, struct mbuf **m)
+pf_test(int direction, struct ifnet *ifp, struct mbuf *m)
{
int action;
struct ip *h;
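Review bot: The short-packet branch of pull_hdr (the context lines around `printf("pf: dropping short packet")`) writes to the console for every truncated packet. The sender decides how many of those arrive, so a stream of malformed traffic can flood the kernel message buffer and bury other events. Consider counting the drop and printing only behind a debug setting or a rate limit. The length test adds `off + len` in `int`, which is safe only if every caller passes small, already-validated offsets; this hunk does not show that. pull_hdr starts in the previous hunk and pf_test continues after this one.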
@@ -2069,7 +2068,7 @@ pf_test(int direction, struct ifnet *ifp, struct mbuf **m)
return (PF_PASS);
#ifdef DIAGNOSTIC
- if (((*m)->m_flags & M_PKTHDR) == 0)
+ if ((m->m_flags & M_PKTHDR) == 0)
panic("non-M_PKTHDR is passed to pf_test");
#endif
@@ -2080,12 +2079,12 @@ pf_test(int direction, struct ifnet *ifp, struct mbuf **m)
pf_last_purge = pftv.tv_sec;
}
- if ((*m)->m_pkthdr.len < sizeof(*h)) {
+ if (m->m_pkthdr.len < sizeof(*h)) {
printf("pf: ip header too short\n");
action = PF_DROP;
goto done;
}
- h = mtod(*m, struct ip *);
+ h = mtod(m, struct ip *);
off = h->ip_hl << 2;
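Review bot: `h = mtod(m, struct ip *)` is guarded only by `m->m_pkthdr.len`, the length of the whole chain, so the header read depends on the first mbuf already holding a contiguous IP header. With `m` passed by value, pf_test can no longer pull the chain up on the caller's behalf, so the requirement should be checked here, for example `if (m->m_len < sizeof(*h)) { action = PF_DROP; goto done; }` or a DIAGNOSTIC panic next to the M_PKTHDR one. The comparison against `sizeof(*h)` is also unsigned, so a negative `m_pkthdr.len` (if the field is signed, as it usually is) would pass the test; an explicit cast or `< 0` check would make the intent clear. The function body continues outside the hunk, so a later bound check on `ip_hl` may exist but is not visible here.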
diff --git a/sys/net/pfvar.h b/sys/net/pfvar.h
index 7fe4d629a17..f0ca3500c1e 100644
--- a/sys/net/pfvar.h
+++ b/sys/net/pfvar.h
@@ -1,4 +1,4 @@
-/* $OpenBSD: pfvar.h,v 1.14 2001/06/26 15:33:01 provos Exp $ */
+/* $OpenBSD: pfvar.h,v 1.15 2001/06/26 18:17:53 deraadt Exp $ */
/*
* Copyright (c) 2001, Daniel Hartmeier
@@ -192,7 +192,7 @@ struct pfioc_if {
#ifdef _KERNEL
-int pf_test(int, struct ifnet *, struct mbuf **);
+int pf_test(int, struct ifnet *, struct mbuf *);
#endif /* _KERNEL */
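Review bot: The prototype in pfvar.h is now the only place external callers learn pf_test's contract, and it carries no comment on mbuf ownership. With `struct mbuf *` the function cannot hand back a different chain, and the callers changed in this commit (if_bridge.c, ip_input.c, ip_output.c) keep using their existing `m` and `ip` afterwards and appear to free `m` themselves on a non-PF_PASS result. I would state that above the declaration, e.g. `/* pf_test() may rewrite headers in m in place; it never frees or replaces m. The caller still owns m on return. */`. A later change inside pf that frees or reallocates the chain would then be recognised as a use-after-free risk for every caller.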
diff --git a/sys/netinet/ip_input.c b/sys/netinet/ip_input.c
index d915dbadec8..c57dba67acc 100644
--- a/sys/netinet/ip_input.c
+++ b/sys/netinet/ip_input.c
@@ -1,4 +1,4 @@
-/* $OpenBSD: ip_input.c,v 1.86 2001/06/25 08:05:24 art Exp $ */
+/* $OpenBSD: ip_input.c,v 1.87 2001/06/26 18:17:54 deraadt Exp $ */
/* $NetBSD: ip_input.c,v 1.30 1996/03/16 23:53:58 christos Exp $ */
/*
@@ -386,12 +386,8 @@ ipv4_input(m)
* Packet filter
*/
#if NPF > 0
- {
- struct mbuf *m1 = m;
- if (pf_test(PF_IN, m->m_pkthdr.rcvif, &m1) != PF_PASS)
- goto bad;
- ip = mtod(m = m1, struct ip *);
- }
+ if (pf_test(PF_IN, m->m_pkthdr.rcvif, m) != PF_PASS)
+ goto bad;
#endif
/*
* Process options and, if not destined for us,
diff --git a/sys/netinet/ip_output.c b/sys/netinet/ip_output.c
index daef0dfeb88..77b3ff88c54 100644
--- a/sys/netinet/ip_output.c
+++ b/sys/netinet/ip_output.c
@@ -1,4 +1,4 @@
-/* $OpenBSD: ip_output.c,v 1.126 2001/06/25 17:16:23 angelos Exp $ */
+/* $OpenBSD: ip_output.c,v 1.127 2001/06/26 18:17:54 deraadt Exp $ */
/* $NetBSD: ip_output.c,v 1.28 1996/02/13 23:43:07 christos Exp $ */
/*
@@ -589,17 +589,13 @@ sendit:
* Packet filter
*/
#if NPF > 0
- {
- struct mbuf *m1 = m;
- if (pf_test(PF_OUT, &encif[0].sc_if, &m1) != PF_PASS) {
- error = EHOSTUNREACH;
- splx(s);
- m_freem(m1);
- goto done;
- }
- ip = mtod(m = m1, struct ip *);
- hlen = ip->ip_hl << 2;
+ if (pf_test(PF_OUT, &encif[0].sc_if, m) != PF_PASS) {
+ error = EHOSTUNREACH;
+ splx(s);
+ m_freem(m);
+ goto done;
}
+ hlen = ip->ip_hl << 2;
#endif
tdb = gettdb(sspi, &sdst, sproto);
@@ -678,14 +674,10 @@ sendit:
* Packet filter
*/
#if NPF > 0
- {
- struct mbuf *m1 = m;
- if (pf_test(PF_OUT, ifp, &m1) != PF_PASS) {
- error = EHOSTUNREACH;
- m_freem(m1);
- goto done;
- }
- ip = mtod(m = m1, struct ip *);
+ if (pf_test(PF_OUT, ifp, m) != PF_PASS) {
+ error = EHOSTUNREACH;
+ m_freem(m);
+ goto done;
}
#endif
/* Catch routing changes wrt. hardware checksumming for TCP or UDP. */