D46683.id143606.diff
No OneTemporary
Actions

Size

7 KB

Referenced Files

None

Subscribers

None

D46683.id143606.diff
View Options

	diff --git a/sys/net/pfvar.h b/sys/net/pfvar.h
	--- a/sys/net/pfvar.h
	+++ b/sys/net/pfvar.h
	@@ -1619,7 +1619,7 @@
	* state code. Easier than tags */
	#define PFDESC_TCP_NORM 0x0001 /* TCP shall be statefully scrubbed */
	#define PFDESC_IP_REAS 0x0002 /* IP frags would've been reassembled */
	- sa_family_t af;
	+ ip_version_t af;
	u_int8_t proto;
	u_int8_t tos;
	u_int8_t dir; /* direction */
	@@ -2352,7 +2352,7 @@
	extern void pf_addrcpy(struct pf_addr , struct pf_addr ,
	sa_family_t);
	void pf_free_rule(struct pf_krule *);
	-int pf_setup_pdesc(sa_family_t, int,
	+int pf_setup_pdesc(ip_version_t, int,
	struct pf_pdesc , struct mbuf ,
	u_short , u_short , struct pfi_kkif *,
	struct pf_krule , struct pf_krule ,
	@@ -2362,7 +2362,7 @@
	int pf_test_eth(int, int, struct ifnet , struct mbuf , struct inpcb );
	int pf_scan_sctp(struct mbuf , int, struct pf_pdesc , struct pfi_kkif *);
	#if defined(INET) \|\| defined(INET6)
	-int pf_test(sa_family_t, int, int, struct ifnet , struct mbuf , struct inpcb ,
	+int pf_test(ip_version_t, int, int, struct ifnet , struct mbuf , struct inpcb ,
	struct pf_rule_actions *);
	#endif
	#ifdef INET
	diff --git a/sys/netinet/in.h b/sys/netinet/in.h
	--- a/sys/netinet/in.h
	+++ b/sys/netinet/in.h
	@@ -418,8 +418,26 @@
	#define IN_RFC3021_MASK ((in_addr_t)0xfffffffe)

	#ifdef _KERNEL
	+#include "opt_inet.h"
	+#include "opt_inet6.h"
	+
	#include <net/vnet.h>

	+typedef enum {
	+#ifndef AF_INET
	+#define AF_INET 2
	+#endif
	+#ifndef AF_INET6
	+#define AF_INET6 28
	+#endif
	+#ifdef INET
	+ IPv4 = AF_INET,
	+#endif
	+#ifdef INET6
	+ IPv6 = AF_INET6,
	+#endif
	+} ip_version_t;
	+
	VNET_DECLARE(bool, ip_allow_net0);
	VNET_DECLARE(bool, ip_allow_net240);
	/* Address space reserved for loopback */
	diff --git a/sys/netinet/libalias/alias_sctp.h b/sys/netinet/libalias/alias_sctp.h
	--- a/sys/netinet/libalias/alias_sctp.h
	+++ b/sys/netinet/libalias/alias_sctp.h
	@@ -166,9 +166,8 @@
	uint16_t msg; /*< one of the key messages defined above /
	#ifdef INET6
	// struct ip6_hdr ip_hdr; /< pointer to ip packet header / /no inet6 support yet/
	-#else
	- struct ip ip_hdr; /< pointer to ip packet header /
	#endif //#ifdef INET6
	+ struct ip ip_hdr; /< pointer to ip packet header /
	struct sctphdr sctp_hdr; /< pointer to sctp common header /
	union sctpChunkOfInt sctpchnk; /*< union of pointers to the chunk of interest /
	int chunk_length; /*< length of chunk of interest /
	diff --git a/sys/netpfil/pf/pf.c b/sys/netpfil/pf/pf.c
	--- a/sys/netpfil/pf/pf.c
	+++ b/sys/netpfil/pf/pf.c
	@@ -584,15 +584,17 @@
	}

	static bool
	-pf_is_loopback(sa_family_t af, struct pf_addr *addr)
	+pf_is_loopback(ip_version_t af, struct pf_addr *addr)
	{
	switch (af) {
	+#ifdef INET
	case AF_INET:
	return IN_LOOPBACK(ntohl(addr->v4.s_addr));
	+#endif
	+#ifdef INET6
	case AF_INET6:
	return IN6_IS_ADDR_LOOPBACK(&addr->v6);
	- default:
	- panic("Unknown af %d", af);
	+#endif
	}
	}

	@@ -664,26 +666,34 @@
	default:
	if (PF_ANEQ(pd->src, &nk->addr[pd->sidx], pd->af)) {
	switch (pd->af) {
	+#ifdef INET
	case AF_INET:
	pf_change_a(&pd->src->v4.s_addr,
	pd->ip_sum, nk->addr[pd->sidx].v4.s_addr,
	0);
	break;
	+#endif
	+#ifdef INET6
	case AF_INET6:
	PF_ACPY(pd->src, &nk->addr[pd->sidx], pd->af);
	break;
	+#endif
	}
	}
	if (PF_ANEQ(pd->dst, &nk->addr[pd->didx], pd->af)) {
	switch (pd->af) {
	+#ifdef INET
	case AF_INET:
	pf_change_a(&pd->dst->v4.s_addr,
	pd->ip_sum, nk->addr[pd->didx].v4.s_addr,
	0);
	break;
	+#endif
	+#ifdef INET6
	case AF_INET6:
	PF_ACPY(pd->dst, &nk->addr[pd->didx], pd->af);
	break;
	+#endif
	}
	}
	break;
	@@ -8410,20 +8420,21 @@
	dnflow->f_id.proto = pd->proto;
	dnflow->f_id.extra = dnflow->rule.info;
	switch (pd->af) {
	+#ifdef INET
	case AF_INET:
	dnflow->f_id.addr_type = 4;
	dnflow->f_id.src_ip = ntohl(pd->src->v4.s_addr);
	dnflow->f_id.dst_ip = ntohl(pd->dst->v4.s_addr);
	break;
	+#endif
	+#ifdef INET6
	case AF_INET6:
	dnflow->flags \|= IPFW_ARGS_IP6;
	dnflow->f_id.addr_type = 6;
	dnflow->f_id.src_ip6 = pd->src->v6;
	dnflow->f_id.dst_ip6 = pd->dst->v6;
	break;
	- default:
	- panic("Invalid AF");
	- break;
	+#endif
	}

	return (true);
	@@ -8556,7 +8567,7 @@
	}

	int
	-pf_setup_pdesc(sa_family_t af, int dir, struct pf_pdesc pd, struct mbuf m,
	+pf_setup_pdesc(ip_version_t af, int dir, struct pf_pdesc pd, struct mbuf m,
	u_short action, u_short reason, struct pfi_kkif kif, struct pf_krule *a,
	struct pf_krule r, struct pf_kruleset ruleset, int off, int hdrlen,
	struct pf_rule_actions *default_actions)
	@@ -8697,8 +8708,6 @@
	break;
	}
	#endif
	- default:
	- panic("pf_setup_pdesc called with illegal af %u", af);
	}

	switch (pd->proto) {
	@@ -8889,14 +8898,18 @@

	#if defined(INET) \|\| defined(INET6)
	int
	-pf_test(sa_family_t af, int dir, int pflags, struct ifnet ifp, struct mbuf *m0,
	+pf_test(ip_version_t af, int dir, int pflags, struct ifnet ifp, struct mbuf *m0,
	struct inpcb inp, struct pf_rule_actions default_actions)
	{
	struct pfi_kkif *kif;
	u_short action, reason = 0;
	struct mbuf m = m0;
	+#ifdef INET
	struct ip *h = NULL;
	+#endif
	+#ifdef INET6
	struct ip6_hdr *h6 = NULL;
	+#endif
	struct m_tag *mtag;
	struct pf_krule a = NULL, r = &V_pf_default_rule;
	struct pf_kstate *s = NULL;
	@@ -8909,6 +8922,13 @@

	PF_RULES_RLOCK_TRACKER;
	KASSERT(dir == PF_IN \|\| dir == PF_OUT, ("%s: bad direction %d\n", __func__, dir));
	+#if defined(INET) && defined(INET6)
	+ KASSERT(af == AF_INET \|\| af == AF_INET6, ("Unsupported af %d", af));
	+#elif defined(INET)
	+ KASSERT(af == AF_INET, ("Unsupported af %d", af));
	+#elif defined(INET6)
	+ KASSERT(af == AF_INET6, ("Unsupported af %d", af));
	+#endif
	M_ASSERTPKTHDR(m);

	if (!V_pf_status.running)
	@@ -8997,8 +9017,6 @@
	ttl = h6->ip6_hlim;
	break;
	#endif
	- default:
	- panic("Unknown af %d", af);
	}

	if (pf_setup_pdesc(af, dir, &pd, m, &action, &reason, kif, &a, &r,
	@@ -9085,8 +9103,6 @@
	}
	break;
	#endif
	- default:
	- panic("Unknown af %d", af);
	}

	switch (pd.proto) {
	@@ -9294,10 +9310,18 @@
	else
	pd.pf_mtag->qid = pd.act.qid;
	/* Add hints for ecn. */
	- if (af == AF_INET)
	+ switch (af) {
	+#ifdef INET
	+ case AF_INET:
	pd.pf_mtag->hdr = h;
	- else
	+ break;
	+#endif
	+#ifdef INET6
	+ case AF_INET6:
	pd.pf_mtag->hdr = h6;
	+ break;
	+#endif
	+ }
	}
	}
	#endif /* ALTQ */
	@@ -9314,6 +9338,7 @@
	pf_is_loopback(af, pd.dst))
	m->m_flags \|= M_SKIP_FIREWALL;

	+#ifdef INET
	if (af == AF_INET && __predict_false(ip_divert_ptr != NULL) &&
	action == PF_PASS && r->divert.port && !PACKET_LOOPED(&pd)) {
	mtag = m_tag_alloc(MTAG_PF_DIVERT, 0,
	@@ -9356,9 +9381,12 @@
	("pf: failed to allocate divert tag\n"));
	}
	}
	+#endif
	+#ifdef INET6
	/* XXX: Anybody working on it?! */
	if (af == AF_INET6 && r->divert.port)
	printf("pf: divert(9) is not supported for IPv6\n");
	+#endif

	/* this flag will need revising if the pkt is forwarded */
	if (pd.pf_mtag)
	@@ -9413,8 +9441,6 @@
	pf_route6(m0, r, kif->pfik_ifp, s, &pd, inp);
	break;
	#endif
	- default:
	- panic("Unknown af %d", af);
	}
	goto out;
	}
	diff --git a/sys/netpfil/pf/pf_syncookies.c b/sys/netpfil/pf/pf_syncookies.c
	--- a/sys/netpfil/pf/pf_syncookies.c
	+++ b/sys/netpfil/pf/pf_syncookies.c
	@@ -435,16 +435,18 @@
	SipHash_SetKey(&ctx, V_pf_syncookie_status.key[cookie.flags.oddeven]);

	switch (pd->af) {
	+#ifdef INET
	case AF_INET:
	SipHash_Update(&ctx, pd->src, sizeof(pd->src->v4));
	SipHash_Update(&ctx, pd->dst, sizeof(pd->dst->v4));
	break;
	+#endif
	+#ifdef INET6
	case AF_INET6:
	SipHash_Update(&ctx, pd->src, sizeof(pd->src->v6));
	SipHash_Update(&ctx, pd->dst, sizeof(pd->dst->v6));
	break;
	- default:
	- panic("unknown address family");
	+#endif
	}

	SipHash_Update(&ctx, pd->sport, sizeof(*pd->sport));

File Metadata

Mime Type: text/plain
Expires: Thu, Nov 14, 4:20 PM (3 h, 25 m)
Storage Engine: blob
Storage Format: Raw Data
Storage Handle: 14631084
Default Alt Text: D46683.id143606.diff (7 KB)

D46683.id143606.diffNo OneTemporaryActions

D46683.id143606.diffView Options

File Metadata

Event Timeline

D46683.id143606.diff
No OneTemporary
Actions

D46683.id143606.diff
View Options