Date: Wed, 25 Jul 2007 15:10:35 +0200 From: Matthieu Michaud <matthieu@epita.info> To: pf@freebsd.org Subject: (no subject) Message-ID: <40DDA695-6A41-46EF-872A-37EC6B48CEBE@epita.info>
next in thread | raw e-mail | index | archive | help
dear pf hackers, i have a simple question about pf's behavior. there is something i don't understand in this piece of code : http://fxr.watson.org/fxr/source/contrib/pf/net/pf.c#L2971 2971 inp = in_pcblookup_hash(pi, saddr->v4, sport,daddr->v4, 2972 dport, 0, NULL); 2973 if (inp == NULL) { 2974 inp = in_pcblookup_hash(pi, saddr->v4, sport, 2975 daddr->v4, dport, INPLOOKUP_WILDCARD,NULL); 2976 if(inp == NULL) { 2977 INP_INFO_RUNLOCK(pi); 2978 return (-1); 2979 } 2980 } there is 2 pcb lookups which only differs by its sixth arguments. as far as i understand, this is because pf would prefer a result on a non wildcard socket than a wildcard one. but, if i'm still correct, a single in_pcblookup_hash call already does that : http://fxr.watson.org/fxr/source/netinet/in_pcb.c#L1010 1010 /* 1011 * First look for an exact match. 1012 */ 1013 head = &pcbinfo->ipi_hashbase[INP_PCBHASH(faddr.s_addr, lport,fport, 1014 pcbinfo->ipi_hashmask)]; 1015 LIST_FOREACH(inp, head, inp_hash) { 1016 #ifdef INET6 1017 if ((inp->inp_vflag & INP_IPV4) == 0) 1018 continue; 1019 #endif 1020 if (inp->inp_faddr.s_addr == faddr.s_addr && 1021 inp->inp_laddr.s_addr == laddr.s_addr && 1022 inp->inp_fport == fport && 1023 inp->inp_lport == lport) 1024 return (inp); 1025 } 1026 1027 /* 1028 * Then look for a wildcard match, if requested. 1029 */ 1030 if (wildcard) { so why having two calls ? sorry for the noise if i'm wrong and misunderstanding this piece of code. in any case, thanks in advance for your answer.
Want to link to this message? Use this URL: <https://mail-archive.FreeBSD.org/cgi/mid.cgi?40DDA695-6A41-46EF-872A-37EC6B48CEBE>