From owner-svn-src-projects@FreeBSD.ORG Fri Jun 29 15:24:43 2012 Return-Path: Delivered-To: svn-src-projects@freebsd.org Received: from mx1.freebsd.org (mx1.freebsd.org [69.147.83.52]) by hub.freebsd.org (Postfix) with ESMTP id A3ADF1065670; Fri, 29 Jun 2012 15:24:43 +0000 (UTC) (envelope-from glebius@FreeBSD.org) Received: from svn.freebsd.org (svn.freebsd.org [IPv6:2001:4f8:fff6::2c]) by mx1.freebsd.org (Postfix) with ESMTP id 8E5008FC14; Fri, 29 Jun 2012 15:24:43 +0000 (UTC) Received: from svn.freebsd.org (localhost [127.0.0.1]) by svn.freebsd.org (8.14.4/8.14.4) with ESMTP id q5TFOhBL053427; Fri, 29 Jun 2012 15:24:43 GMT (envelope-from glebius@svn.freebsd.org) Received: (from glebius@localhost) by svn.freebsd.org (8.14.4/8.14.4/Submit) id q5TFOhHg053423; Fri, 29 Jun 2012 15:24:43 GMT (envelope-from glebius@svn.freebsd.org) Message-Id: <201206291524.q5TFOhHg053423@svn.freebsd.org> 
From: Gleb Smirnoff Date: Fri, 29 Jun 2012 15:24:43 +0000 (UTC) To: src-committers@freebsd.org, svn-src-projects@freebsd.org X-SVN-Group: projects MIME-Version: 1.0 Content-Type: text/plain; charset=UTF-8 Content-Transfer-Encoding: 8bit Cc: Subject: svn commit: r237788 - projects/pf/head/sys/contrib/pf/net X-BeenThere: svn-src-projects@freebsd.org X-Mailman-Version: 2.1.5 Precedence: list List-Id: "SVN commit messages for the src " projects" tree" List-Unsubscribe: , List-Archive: List-Post: List-Help: List-Subscribe: , X-List-Received-Date: Fri, 29 Jun 2012 15:24:43 -0000 Author: glebius Date: Fri Jun 29 15:24:42 2012 New Revision: 237788 URL: http://svn.freebsd.org/changeset/base/237788 Log: As Robert suggested provide mbuf to pf_socket_lookup() and utilize in_pcblookup_mbuf()/in6_pcblookup_mbuf(). Modified: projects/pf/head/sys/contrib/pf/net/if_pflog.c projects/pf/head/sys/contrib/pf/net/pf.c projects/pf/head/sys/contrib/pf/net/pfvar.h Modified: projects/pf/head/sys/contrib/pf/net/if_pflog.c ============================================================================== --- projects/pf/head/sys/contrib/pf/net/if_pflog.c Fri Jun 29 15:21:34 2012 (r237787) +++ projects/pf/head/sys/contrib/pf/net/if_pflog.c Fri Jun 29 15:24:42 2012 (r237788) @@ -234,7 +234,7 @@ pflog_packet(struct pfi_kif *kif, struct * These conditions are very very rare, however. */ if (rm->log & PF_LOG_SOCKET_LOOKUP && !pd->lookup.done && lookupsafe) - pd->lookup.done = pf_socket_lookup(dir, pd); + pd->lookup.done = pf_socket_lookup(dir, pd, m); if (pd->lookup.done > 0) hdr.uid = pd->lookup.uid; else Modified: projects/pf/head/sys/contrib/pf/net/pf.c ============================================================================== --- projects/pf/head/sys/contrib/pf/net/pf.c Fri Jun 29 15:21:34 2012 (r237787) +++ projects/pf/head/sys/contrib/pf/net/pf.c Fri Jun 29 15:24:42 2012 (r237788) 
@@ -2644,7 +2644,7 @@ pf_addr_inc(struct pf_addr *addr, sa_fam #endif /* INET6 */ int -pf_socket_lookup(int direction, struct pf_pdesc *pd) +pf_socket_lookup(int direction, struct pf_pdesc *pd, struct mbuf *m) { struct pf_addr *saddr, *daddr; u_int16_t sport, dport; @@ -2687,16 +2687,12 @@ pf_socket_lookup(int direction, struct p switch (pd->af) { #ifdef INET case AF_INET: - /* - * XXXRW: would be nice if we had an mbuf here so that we - * could use in_pcblookup_mbuf(). - */ - inp = in_pcblookup(pi, saddr->v4, sport, daddr->v4, - dport, INPLOOKUP_RLOCKPCB, NULL); + inp = in_pcblookup_mbuf(pi, saddr->v4, sport, daddr->v4, + dport, INPLOOKUP_RLOCKPCB, NULL, m); if (inp == NULL) { - inp = in_pcblookup(pi, saddr->v4, sport, + inp = in_pcblookup_mbuf(pi, saddr->v4, sport, daddr->v4, dport, INPLOOKUP_WILDCARD | - INPLOOKUP_RLOCKPCB, NULL); + INPLOOKUP_RLOCKPCB, NULL, m); if (inp == NULL) return (-1); } @@ -2704,16 +2700,12 @@ pf_socket_lookup(int direction, struct p #endif /* INET */ #ifdef INET6 case AF_INET6: - /* - * XXXRW: would be nice if we had an mbuf here so that we - * could use in6_pcblookup_mbuf(). - */ - inp = in6_pcblookup(pi, &saddr->v6, sport, - &daddr->v6, dport, INPLOOKUP_RLOCKPCB, NULL); + inp = in6_pcblookup_mbuf(pi, &saddr->v6, sport, &daddr->v6, + dport, INPLOOKUP_RLOCKPCB, NULL, m); if (inp == NULL) { - inp = in6_pcblookup(pi, &saddr->v6, sport, + inp = in6_pcblookup_mbuf(pi, &saddr->v6, sport, &daddr->v6, dport, INPLOOKUP_WILDCARD | - INPLOOKUP_RLOCKPCB, NULL); + INPLOOKUP_RLOCKPCB, NULL, m); if (inp == NULL) return (-1); } 
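Review bot: The new `m` argument is passed straight to in_pcblookup_mbuf()/in6_pcblookup_mbuf() at all four lookup sites in the AF_INET and AF_INET6 cases, but neither the changed definition in the preceding hunk nor the pfvar.h prototype says what callers must guarantee about it. As far as I recall, kernels built with PCBGROUP read the flow hash from the mbuf's packet header inside those functions, so a NULL mbuf or one without a packet header would fault there; this should be confirmed against in_pcb.c. I would state the contract above the definition, e.g. `/* m: the packet being filtered; must be non-NULL and carry a packet header. */`, and consider adding `M_ASSERTPKTHDR(m);` near the top of pf_socket_lookup(). The function body starts and ends outside these hunks, so an existing check may simply not be visible here.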
@@ -3170,13 +3162,13 @@ pf_test_rule(struct pf_rule **rm, struct r = TAILQ_NEXT(r, entries); /* tcp/udp only. uid.op always 0 in other cases */ else if (r->uid.op && (pd->lookup.done || (pd->lookup.done = - pf_socket_lookup(direction, pd), 1)) && + pf_socket_lookup(direction, pd, m), 1)) && !pf_match_uid(r->uid.op, r->uid.uid[0], r->uid.uid[1], pd->lookup.uid)) r = TAILQ_NEXT(r, entries); /* tcp/udp only. gid.op always 0 in other cases */ else if (r->gid.op && (pd->lookup.done || (pd->lookup.done = - pf_socket_lookup(direction, pd), 1)) && + pf_socket_lookup(direction, pd, m), 1)) && !pf_match_gid(r->gid.op, r->gid.gid[0], r->gid.gid[1], pd->lookup.gid)) r = TAILQ_NEXT(r, entries); Modified: projects/pf/head/sys/contrib/pf/net/pfvar.h ============================================================================== --- projects/pf/head/sys/contrib/pf/net/pfvar.h Fri Jun 29 15:21:34 2012 (r237787) +++ projects/pf/head/sys/contrib/pf/net/pfvar.h Fri Jun 29 15:24:42 2012 (r237788) @@ -1841,7 +1841,7 @@ u_int32_t void pf_purge_expired_fragments(void); int pf_routable(struct pf_addr *addr, sa_family_t af, struct pfi_kif *, int); -int pf_socket_lookup(int, struct pf_pdesc *); +int pf_socket_lookup(int, struct pf_pdesc *, struct mbuf *); struct pf_state_key *pf_alloc_state_key(int); void pfr_initialize(void); void pfr_cleanup(void);
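Review bot: In both the uid and the gid branch, the result of `pf_socket_lookup(direction, pd, m)` is stored in pd->lookup.done and then discarded by the `, 1`. A failed lookup (the -1 returned in the pf.c lookup hunk) therefore still reaches pf_match_uid()/pf_match_gid() with whatever pd->lookup.uid and pd->lookup.gid hold at that point. Because user/group rules are an access-control decision, the call sites should say what those fields contain on failure, e.g. `/* on lookup failure uid/gid keep the values pf_socket_lookup() initialised them to (TODO confirm) */`. That initialisation is outside the visible hunks, so it is presumably handled already, and pf_test_rule itself continues beyond this hunk.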