Date: Fri, 29 Jun 2012 15:24:43 +0000 (UTC) From: Gleb Smirnoff <glebius@FreeBSD.org> To: src-committers@freebsd.org, svn-src-projects@freebsd.org Subject: svn commit: r237788 - projects/pf/head/sys/contrib/pf/net Message-ID: <201206291524.q5TFOhHg053423@svn.freebsd.org>
Author: glebius Date: Fri Jun 29 15:24:42 2012 New Revision: 237788 URL: http://svn.freebsd.org/changeset/base/237788 Log: As Robert suggested provide mbuf to pf_socket_lookup() and utilize in_pcblookup_mbuf()/in6_pcblookup_mbuf(). Modified: projects/pf/head/sys/contrib/pf/net/if_pflog.c projects/pf/head/sys/contrib/pf/net/pf.c projects/pf/head/sys/contrib/pf/net/pfvar.h Modified: projects/pf/head/sys/contrib/pf/net/if_pflog.c ============================================================================== --- projects/pf/head/sys/contrib/pf/net/if_pflog.c Fri Jun 29 15:21:34 2012 (r237787) +++ projects/pf/head/sys/contrib/pf/net/if_pflog.c Fri Jun 29 15:24:42 2012 (r237788) @@ -234,7 +234,7 @@ pflog_packet(struct pfi_kif *kif, struct * These conditions are very very rare, however. */ if (rm->log & PF_LOG_SOCKET_LOOKUP && !pd->lookup.done && lookupsafe) - pd->lookup.done = pf_socket_lookup(dir, pd); + pd->lookup.done = pf_socket_lookup(dir, pd, m); if (pd->lookup.done > 0) hdr.uid = pd->lookup.uid; else Modified: projects/pf/head/sys/contrib/pf/net/pf.c ============================================================================== --- projects/pf/head/sys/contrib/pf/net/pf.c Fri Jun 29 15:21:34 2012 (r237787) +++ projects/pf/head/sys/contrib/pf/net/pf.c Fri Jun 29 15:24:42 2012 (r237788) @@ -2644,7 +2644,7 @@ pf_addr_inc(struct pf_addr *addr, sa_fam #endif /* INET6 */ int -pf_socket_lookup(int direction, struct pf_pdesc *pd) +pf_socket_lookup(int direction, struct pf_pdesc *pd, struct mbuf *m) { struct pf_addr *saddr, *daddr; u_int16_t sport, dport; 
@@ -2687,16 +2687,12 @@ pf_socket_lookup(int direction, struct p
 switch (pd->af) {
 #ifdef INET
 case AF_INET:
- /*
- * XXXRW: would be nice if we had an mbuf here so that we
- * could use in_pcblookup_mbuf().
- */
- inp = in_pcblookup(pi, saddr->v4, sport, daddr->v4,
- dport, INPLOOKUP_RLOCKPCB, NULL);
+ inp = in_pcblookup_mbuf(pi, saddr->v4, sport, daddr->v4,
+ dport, INPLOOKUP_RLOCKPCB, NULL, m);
 if (inp == NULL) {
- inp = in_pcblookup(pi, saddr->v4, sport,
+ inp = in_pcblookup_mbuf(pi, saddr->v4, sport,
 daddr->v4, dport, INPLOOKUP_WILDCARD |
- INPLOOKUP_RLOCKPCB, NULL);
+ INPLOOKUP_RLOCKPCB, NULL, m);
 if (inp == NULL)
 return (-1);
 }
@@ -2704,16 +2700,12 @@ pf_socket_lookup(int direction, struct p
 #endif /* INET */
 #ifdef INET6
 case AF_INET6:
- /*
- * XXXRW: would be nice if we had an mbuf here so that we
- * could use in6_pcblookup_mbuf().
- */
- inp = in6_pcblookup(pi, &saddr->v6, sport,
- &daddr->v6, dport, INPLOOKUP_RLOCKPCB, NULL);
+ inp = in6_pcblookup_mbuf(pi, &saddr->v6, sport, &daddr->v6,
+ dport, INPLOOKUP_RLOCKPCB, NULL, m);
 if (inp == NULL) {
- inp = in6_pcblookup(pi, &saddr->v6, sport,
+ inp = in6_pcblookup_mbuf(pi, &saddr->v6, sport,
 &daddr->v6, dport, INPLOOKUP_WILDCARD |
- INPLOOKUP_RLOCKPCB, NULL);
+ INPLOOKUP_RLOCKPCB, NULL, m);
 if (inp == NULL)
 return (-1);
 }
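Review bot: Both new IPv4 calls in the AF_INET hunk, and the matching in6_pcblookup_mbuf() calls in the AF_INET6 hunk, hand `m` to the pcb lookup with nothing visible establishing that it is non-NULL and carries a packet header. Whether the lookup actually reads the mbuf probably depends on kernel options, so a caller passing a bad mbuf could go unnoticed on a default build. Because the result feeds the user/group rule match and the uid written to the pflog header, an early `M_ASSERTPKTHDR(m);` next to the declarations in pf_socket_lookup() would make the contract explicit. The function starts and ends outside these hunks, so an equivalent check may already exist there.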
@@ -3170,13 +3162,13 @@ pf_test_rule(struct pf_rule **rm, struct r = TAILQ_NEXT(r, entries); /* tcp/udp only. uid.op always 0 in other cases */ else if (r->uid.op && (pd->lookup.done || (pd->lookup.done = - pf_socket_lookup(direction, pd), 1)) && + pf_socket_lookup(direction, pd, m), 1)) && !pf_match_uid(r->uid.op, r->uid.uid[0], r->uid.uid[1], pd->lookup.uid)) r = TAILQ_NEXT(r, entries); /* tcp/udp only. gid.op always 0 in other cases */ else if (r->gid.op && (pd->lookup.done || (pd->lookup.done = - pf_socket_lookup(direction, pd), 1)) && + pf_socket_lookup(direction, pd, m), 1)) && !pf_match_gid(r->gid.op, r->gid.gid[0], r->gid.gid[1], pd->lookup.gid)) r = TAILQ_NEXT(r, entries); Modified: projects/pf/head/sys/contrib/pf/net/pfvar.h ============================================================================== --- projects/pf/head/sys/contrib/pf/net/pfvar.h Fri Jun 29 15:21:34 2012 (r237787) +++ projects/pf/head/sys/contrib/pf/net/pfvar.h Fri Jun 29 15:24:42 2012 (r237788) @@ -1841,7 +1841,7 @@ u_int32_t void pf_purge_expired_fragments(void); int pf_routable(struct pf_addr *addr, sa_family_t af, struct pfi_kif *, int); -int pf_socket_lookup(int, struct pf_pdesc *); +int pf_socket_lookup(int, struct pf_pdesc *, struct mbuf *); struct pf_state_key *pf_alloc_state_key(int); void pfr_initialize(void); void pfr_cleanup(void);
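Review bot: In the pf_test_rule() hunk of pf.c, the `(pd->lookup.done = pf_socket_lookup(direction, pd, m), 1)` idiom in both the uid and gid branches discards the lookup result, so a failed lookup (the function returns -1 when no pcb is found) still goes on to pf_match_uid()/pf_match_gid() with whatever pd->lookup holds. That is only well-defined if pf_socket_lookup() resets the uid and gid to a known sentinel before its early returns, which this diff does not show. A comment on each branch would record the dependency, for example `/* a failed lookup leaves pd->lookup.uid at its sentinel; the match below decides */`. pf_test_rule() continues outside the hunk.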