From aa799beefd4c8fce27ceb0fd6ed143fb40859be2 Mon Sep 17 00:00:00 2001
From: Claudio Jeker
Date: Tue, 3 Nov 2009 10:59:05 +0000
Subject: rtables are stacked on rdomains (it is possible to have multiple routing tables on top of a rdomain) but until now our code was a crazy mix so that it was impossible to correctly use rtables in that case. Additionally pf(4) only knows about rtables and not about rdomains. This is especially bad when tracking (possibly conflicting) states in various domains. This diff fixes all or most of these issues. It adds a lookup function to get the rdomain id based on a rtable id. Makes pf understand rdomains and allows pf to move packets between rdomains (it is similar to NAT). Because pf states now track the rdomain id as well it is necessary to modify the pfsync wire format. So old and new systems will not sync up. A lot of help by dlg@, tested by sthen@, jsg@ and probably more OK dlg@, mpf@, deraadt@
---
sys/net/if_sl.c | 11 +++++------
1 file changed, 5 insertions(+), 6 deletions(-)
(limited to 'sys/net/if_sl.c')
diff --git a/sys/net/if_sl.c b/sys/net/if_sl.c
index 3d45a60b39d..f49c428562e 100644
--- a/sys/net/if_sl.c
+++ b/sys/net/if_sl.c
@@ -1,4 +1,4 @@
-/* $OpenBSD: if_sl.c,v 1.38 2009/07/19 08:16:06 blambert Exp $ */
+/* $OpenBSD: if_sl.c,v 1.39 2009/11/03 10:59:04 claudio Exp $ */
 /* $NetBSD: if_sl.c,v 1.39.4.1 1996/06/02 16:26:31 thorpej Exp $ */
 /*
@@ -426,12 +426,11 @@ sloutput(ifp, m, dst, rtp)
 }
 #ifdef DIAGNOSTIC
- if (ifp->if_rdomain != m->m_pkthdr.rdomain) {
+ if (ifp->if_rdomain != rtable_l2(m->m_pkthdr.rdomain)) {
 printf("%s: trying to send packet on wrong domain. "
- "%d vs. %d, AF %d\n", ifp->if_xname, ifp->if_rdomain,
- m->m_pkthdr.rdomain, dst->sa_family);
- m_freem(m);
- return (ENETDOWN);
+ "if %d vs. mbuf %d, AF %d\n", ifp->if_xname,
+ ifp->if_rdomain, rtable_l2(m->m_pkthdr.rdomain),
+ dst->sa_family);
 }
 #endif
--
cgit v1.2.3
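Review bot: In the second hunk (sloutput(), under `#ifdef DIAGNOSTIC`) the mismatch branch no longer drops the packet, so when `ifp->if_rdomain` differs from `rtable_l2(m->m_pkthdr.rdomain)` the mbuf is only logged and then continues down the output path onto an interface in another routing domain. If that is deliberate (the commit message says pf may now move packets between rdomains), the branch should say so, for example `/* advisory only: mismatch is logged and the packet is still sent; this is not an rdomain isolation check */`. If it is not deliberate, `m_freem(m); return (ENETDOWN);` should stay after the printf. The printf also fires once per mismatching packet with no rate limit, which can flood the console on a DIAGNOSTIC kernel, and `rtable_l2()` is evaluated twice where one local would do. sloutput's body starts and ends outside the hunk, so whether a later check still rejects such packets cannot be seen from here.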