From ad552c9859c9eaf2501ba4067d78c1ae67c6778e Mon Sep 17 00:00:00 2001
From: Martin Pieuchot
Date: Thu, 16 Jul 2015 21:14:22 +0000
Subject: Kill IP_ROUTETOETHER.

This pseudo-option is a hack to support return-rst on bridge(4). It passes Ethernet information via a "struct route" through ip_output(). "struct route" is slowly dying... ok claudio@, benno@
---
 sys/net/if_bridge.c | 9 ++++-----
 sys/net/pf.c | 56 +++++++++++++++--------------------------------------
 sys/net/pfvar.h | 7 ++-----
 3 files changed, 22 insertions(+), 50 deletions(-)
(limited to 'sys/net')

diff --git a/sys/net/if_bridge.c b/sys/net/if_bridge.c
index cd9fcb232ac..4fcb1974ffa 100644
--- a/sys/net/if_bridge.c
+++ b/sys/net/if_bridge.c
@@ -1,4 +1,4 @@
-/* $OpenBSD: if_bridge.c,v 1.253 2015/07/15 22:16:41 deraadt Exp $ */
+/* $OpenBSD: if_bridge.c,v 1.254 2015/07/16 21:14:21 mpi Exp $ */
 /*
 * Copyright (c) 1999, 2000 Jason L. Wright (jason@thought.net)
@@ -2193,8 +2193,7 @@ bridge_ipsec(struct bridge_softc *sc, struct ifnet *ifp,
 #if NPF > 0
 if ((encif = enc_getif(tdb->tdb_rdomain, tdb->tdb_tap)) == NULL ||
- pf_test(af, dir, encif,
- &m, NULL) != PF_PASS) {
+ pf_test(af, dir, encif, &m) != PF_PASS) {
 m_freem(m);
 return (1);
 }
@@ -2344,7 +2343,7 @@ bridge_ip(struct bridge_softc *sc, int dir, struct ifnet *ifp,
 #endif /* IPSEC */
 #if NPF > 0
 /* Finally, we get to filter the packet! */
- if (pf_test(AF_INET, dir, ifp, &m, eh) != PF_PASS)
+ if (pf_test(AF_INET, dir, ifp, &m) != PF_PASS)
 goto dropit;
 if (m == NULL)
 goto dropit;
@@ -2400,7 +2399,7 @@ bridge_ip(struct bridge_softc *sc, int dir, struct ifnet *ifp,
 #endif /* IPSEC */
 #if NPF > 0
- if (pf_test(AF_INET6, dir, ifp, &m, eh) != PF_PASS)
+ if (pf_test(AF_INET6, dir, ifp, &m) != PF_PASS)
 goto dropit;
 if (m == NULL)
 return (NULL);
diff --git a/sys/net/pf.c b/sys/net/pf.c
index f221ec582e4..fd27045de51 100644
--- a/sys/net/pf.c
+++ b/sys/net/pf.c
@@ -1,4 +1,4 @@
-/* $OpenBSD: pf.c,v 1.923 2015/07/16 16:12:15 mpi Exp $ */
+/* $OpenBSD: pf.c,v 1.924 2015/07/16 21:14:21 mpi Exp $ */
 /*
 * Copyright (c) 2001 Daniel Hartmeier
@@ -56,6 +56,7 @@
 #include
 #include
+#include
 #include
 #include
 #include
@@ -73,7 +74,6 @@
 #include
 #include
 #include
-#include
 #include
 #include
@@ -162,8 +162,7 @@ void pf_send_tcp(const struct pf_rule *, sa_family_t, const struct pf_addr *, const struct pf_addr *, u_int16_t, u_int16_t, u_int32_t, u_int32_t, u_int8_t, u_int16_t, u_int16_t, u_int8_t, int,
- u_int16_t, u_int, struct ether_header *,
- struct ifnet *);
+ u_int16_t, u_int);
 void pf_send_icmp(struct mbuf *, u_int8_t, u_int8_t, sa_family_t, struct pf_rule *, u_int);
 void pf_detach_state(struct pf_state *);
@@ -1262,7 +1261,7 @@ pf_unlink_state(struct pf_state *cur)
 cur->key[PF_SK_WIRE]->port[0], cur->src.seqhi, cur->src.seqlo + 1, TH_RST|TH_ACK, 0, 0, 0, 1, cur->tag,
- cur->key[PF_SK_WIRE]->rdomain, NULL, NULL);
+ cur->key[PF_SK_WIRE]->rdomain);
 }
 RB_REMOVE(pf_state_tree_id, &tree_id, cur);
 #if NPFLOW > 0
@@ -2295,7 +2294,7 @@ pf_send_tcp(const struct pf_rule *r, sa_family_t af, const struct pf_addr *saddr, const struct pf_addr *daddr, u_int16_t sport, u_int16_t dport, u_int32_t seq, u_int32_t ack, u_int8_t flags, u_int16_t win, u_int16_t mss, u_int8_t ttl, int tag,
- u_int16_t rtag, u_int rdom, struct ether_header *eh, struct ifnet *ifp)
+ u_int16_t rtag, u_int rdom)
 {
 struct mbuf *m;
 int len, tlen;
@@ -2392,26 +2391,7 @@ pf_send_tcp(const struct pf_rule *r, sa_family_t af,
 switch (af) {
 case AF_INET:
- if (eh == NULL) {
- ip_output(m, NULL, NULL, 0, NULL, NULL, 0);
- } else {
- struct route ro;
- struct rtentry rt;
- struct ether_header *e = (void *)ro.ro_dst.sa_data;
-
- if (ifp == NULL) {
- m_freem(m);
- return;
- }
- rt.rt_ifp = ifp;
- ro.ro_rt = &rt;
- ro.ro_dst.sa_len = sizeof(ro.ro_dst);
- ro.ro_dst.sa_family = pseudo_AF_HDRCMPLT;
- memcpy(e->ether_shost, eh->ether_dhost, ETHER_ADDR_LEN);
- memcpy(e->ether_dhost, eh->ether_shost, ETHER_ADDR_LEN);
- e->ether_type = eh->ether_type;
- ip_output(m, NULL, &ro, IP_ROUTETOETHER, NULL, NULL, 0);
- }
+ ip_output(m, NULL, NULL, 0, NULL, NULL, 0);
 break;
 #ifdef INET6
 case AF_INET6:
@@ -3317,8 +3297,7 @@ pf_test_rule(struct pf_pdesc *pd, struct pf_rule **rm, struct pf_state **sm,
 pf_send_tcp(r, pd->af, pd->dst, pd->src, th->th_dport, th->th_sport, ntohl(th->th_ack), ack, TH_RST|TH_ACK, 0, 0,
- r->return_ttl, 1, 0, pd->rdomain,
- pd->eh, pd->kif->pfik_ifp);
+ r->return_ttl, 1, 0, pd->rdomain);
 }
 } else if ((pd->proto != IPPROTO_ICMP || ICMP_INFOTYPE(icmptype)) && pd->af == AF_INET &&
@@ -3598,8 +3577,7 @@ pf_create_state(struct pf_pdesc *pd, struct pf_rule *r, struct pf_rule *a,
 s->src.mss = mss;
 pf_send_tcp(r, pd->af, pd->dst, pd->src, th->th_dport, th->th_sport, s->src.seqhi, ntohl(th->th_seq) + 1,
- TH_SYN|TH_ACK, 0, s->src.mss, 0, 1, 0, pd->rdomain,
- NULL, NULL);
+ TH_SYN|TH_ACK, 0, s->src.mss, 0, 1, 0, pd->rdomain);
 REASON_SET(&reason, PFRES_SYNPROXY);
 return (PF_SYNPROXY_DROP);
 }
@@ -4066,7 +4044,7 @@ pf_tcp_track_full(struct pf_pdesc *pd, struct pf_state_peer *src,
 th->th_sport, ntohl(th->th_ack), 0, TH_RST, 0, 0, (*state)->rule.ptr->return_ttl, 1, 0,
- pd->rdomain, pd->eh, pd->kif->pfik_ifp);
+ pd->rdomain);
 src->seqlo = 0;
 src->seqhi = 1;
 src->max_win = 1;
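Review bot: With the IP_ROUTETOETHER branch gone, the AF_INET case of pf_send_tcp() hands every generated segment to `ip_output(m, NULL, NULL, 0, NULL, NULL, 0)` with no link-layer hint, so a reset produced by a return-rst rule on a bridge(4) member is now forwarded according to the host's own routing table instead of being answered back out the member interface with the original frame's Ethernet addresses swapped. On a transparent bridge that has no address or route towards the sender, that reset is silently not delivered, which changes the observable behaviour of return-rst on bridged traffic; the commit message presents this as intended, but the call deserves a comment such as `/* No link-layer hint: replies follow the host routing table, bridged packets included. */` and the return-rst text in pf.conf(5) should say the same. The diff is limited to sys/net, so the removal of the IP_ROUTETOETHER flag definition and of its handling in ip_output() is not visible here and should be checked in the rest of the commit. pf_send_tcp() starts and ends outside this hunk.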
@@ -4189,7 +4167,7 @@ pf_synproxy(struct pf_pdesc *pd, struct pf_state **state, u_short *reason)
 pd->src, th->th_dport, th->th_sport, (*state)->src.seqhi, ntohl(th->th_seq) + 1, TH_SYN|TH_ACK, 0, (*state)->src.mss, 0, 1,
- 0, pd->rdomain, NULL, NULL);
+ 0, pd->rdomain);
 REASON_SET(reason, PFRES_SYNPROXY);
 return (PF_SYNPROXY_DROP);
 } else if ((th->th_flags & (TH_ACK|TH_RST|TH_FIN)) != TH_ACK ||
@@ -4222,7 +4200,7 @@ pf_synproxy(struct pf_pdesc *pd, struct pf_state **state, u_short *reason)
 sk->port[pd->sidx], sk->port[pd->didx], (*state)->dst.seqhi, 0, TH_SYN, 0, (*state)->src.mss, 0, 0, (*state)->tag,
- sk->rdomain, NULL, NULL);
+ sk->rdomain);
 REASON_SET(reason, PFRES_SYNPROXY);
 return (PF_SYNPROXY_DROP);
 } else if (((th->th_flags & (TH_SYN|TH_ACK)) !=
@@ -4237,13 +4215,13 @@ pf_synproxy(struct pf_pdesc *pd, struct pf_state **state, u_short *reason)
 pd->src, th->th_dport, th->th_sport, ntohl(th->th_ack), ntohl(th->th_seq) + 1, TH_ACK, (*state)->src.max_win, 0, 0, 0,
- (*state)->tag, pd->rdomain, NULL, NULL);
+ (*state)->tag, pd->rdomain);
 pf_send_tcp((*state)->rule.ptr, pd->af, &sk->addr[pd->sidx], &sk->addr[pd->didx], sk->port[pd->sidx], sk->port[pd->didx], (*state)->src.seqhi + 1, (*state)->src.seqlo + 1, TH_ACK, (*state)->dst.max_win, 0, 0, 1,
- 0, sk->rdomain, NULL, NULL);
+ 0, sk->rdomain);
 (*state)->src.seqdiff = (*state)->dst.seqhi - (*state)->src.seqlo;
 (*state)->dst.seqdiff = (*state)->src.seqhi -
@@ -5519,7 +5497,7 @@ pf_route(struct mbuf **m, struct pf_rule *r, int dir, struct ifnet *oifp,
 if (oifp != ifp) {
- if (pf_test(AF_INET, PF_OUT, ifp, &m0, NULL) != PF_PASS)
+ if (pf_test(AF_INET, PF_OUT, ifp, &m0) != PF_PASS)
 goto bad;
 else if (m0 == NULL)
 goto done;
@@ -5663,7 +5641,7 @@ pf_route6(struct mbuf **m, struct pf_rule *r, int dir, struct ifnet *oifp,
 goto bad;
 if (oifp != ifp) {
- if (pf_test(AF_INET6, PF_OUT, ifp, &m0, NULL) != PF_PASS)
+ if (pf_test(AF_INET6, PF_OUT, ifp, &m0) != PF_PASS)
 goto bad;
 else if (m0 == NULL)
 goto done;
@@ -6273,8 +6251,7 @@ pf_counters_inc(int action, struct pf_pdesc *pd, struct pf_state *s,
 }
 int
-pf_test(sa_family_t af, int fwdir, struct ifnet *ifp, struct mbuf **m0,
- struct ether_header *eh)
+pf_test(sa_family_t af, int fwdir, struct ifnet *ifp, struct mbuf **m0)
 {
 struct pfi_kif *kif;
 u_short action, reason = 0;
@@ -6353,7 +6330,6 @@ pf_test(sa_family_t af, int fwdir, struct ifnet *ifp, struct mbuf **m0,
 goto done;
 }
 }
- pd.eh = eh;
 pd.m->m_pkthdr.pf.flags |= PF_TAG_PROCESSED;
 switch (pd.virtual_proto) {
diff --git a/sys/net/pfvar.h b/sys/net/pfvar.h
index 69541b70a72..fe018d9b48e 100644
--- a/sys/net/pfvar.h
+++ b/sys/net/pfvar.h
@@ -1,4 +1,4 @@
-/* $OpenBSD: pfvar.h,v 1.415 2015/06/05 13:22:34 mikeb Exp $ */
+/* $OpenBSD: pfvar.h,v 1.416 2015/07/16 21:14:21 mpi Exp $ */
 /*
 * Copyright (c) 2001 Daniel Hartmeier
@@ -1255,8 +1255,6 @@ struct pf_pdesc {
 struct pfi_kif *kif; /* incoming interface */
 struct mbuf *m; /* mbuf containing the packet */
- struct ether_header
- *eh;
 struct pf_addr *src; /* src address */
 struct pf_addr *dst; /* dst address */
 u_int16_t *pcksum; /* proto cksum */
@@ -1804,8 +1802,7 @@ int pf_setup_pdesc(struct pf_pdesc *, void *, sa_family_t, int, struct pfi_kif *, struct mbuf *, u_short *);
-int pf_test(sa_family_t, int, struct ifnet *, struct mbuf **,
- struct ether_header *);
+int pf_test(sa_family_t, int, struct ifnet *, struct mbuf **);
 void pf_poolmask(struct pf_addr *, struct pf_addr*, struct pf_addr *, struct pf_addr *, sa_family_t);
-- cgit v1.2.3