

D40866.id124921.diff

diff --git a/sys/netpfil/pf/pf.c b/sys/netpfil/pf/pf.c
--- a/sys/netpfil/pf/pf.c
+++ b/sys/netpfil/pf/pf.c
@@ -528,6 +528,23 @@
m_copyback(m, off, sizeof(*uh), (caddr_t)uh);
break;
}
+ case IPPROTO_SCTP: {
+ struct sctphdr *sh = &pd->hdr.sctp;
+ uint16_t checksum = 0;
+
+ if (PF_ANEQ(pd->src, &nk->addr[pd->sidx], pd->af)) {
+ pf_change_ap(m, pd->src, &sh->src_port, pd->ip_sum,
+ &checksum, &nk->addr[pd->sidx],
+ nk->port[pd->sidx], 1, pd->af);
+ }
+ if (PF_ANEQ(pd->dst, &nk->addr[pd->didx], pd->af)) {
+ pf_change_ap(m, pd->dst, &sh->dest_port, pd->ip_sum,
+ &checksum, &nk->addr[pd->didx],
+ nk->port[pd->didx], 1, pd->af);
+ }
+
+ break;
+ }
case IPPROTO_ICMP: {
struct icmp *ih = &pd->hdr.icmp;
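Review bot: The `uint16_t checksum = 0` handed to `pf_change_ap()` in the new `IPPROTO_SCTP` case is a throwaway whose result is never stored, and nothing in the hunk says why that is safe. SCTP's CRC32c covers only the SCTP packet and has no pseudo-header, so an address-only rewrite needs no transport checksum fixup, but that holds only while the ports stay untouched; a comment above the declaration such as `/* SCTP CRC32c has no pseudo-header: address rewrite needs no fixup, result discarded. Ports must stay unchanged. */` would record the invariant. The case also has no `m_copyback()` like the UDP case just above it, which is again fine only if `sh->src_port` and `sh->dest_port` are never modified. The same dummy-checksum pattern recurs in the hunks at `@@ -4472` and `@@ -5855`; the enclosing function starts and ends outside this hunk.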
@@ -4472,6 +4489,25 @@
}
rewrite++;
break;
+ case IPPROTO_SCTP: {
+ uint16_t checksum = 0;
+
+ if (PF_ANEQ(saddr, &nk->addr[pd->sidx], af) ||
+ nk->port[pd->sidx] != sport) {
+ pf_change_ap(m, saddr, &pd->hdr.sctp.src_port,
+ pd->ip_sum, &checksum,
+ &nk->addr[pd->sidx],
+ nk->port[pd->sidx], 1, af);
+ }
+ if (PF_ANEQ(daddr, &nk->addr[pd->didx], af) ||
+ nk->port[pd->didx] != dport) {
+ pf_change_ap(m, daddr, &pd->hdr.sctp.dest_port,
+ pd->ip_sum, &checksum,
+ &nk->addr[pd->didx],
+ nk->port[pd->didx], 1, af);
+ }
+ break;
+ }
#ifdef INET
case IPPROTO_ICMP:
nk->port[0] = nk->port[1];
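Review bot: The conditions in this `IPPROTO_SCTP` case also fire on `nk->port[pd->sidx] != sport` (and the `dport` twin), whereas the first pf.c hunk compares addresses only, and this case never does `rewrite++` the way the case immediately before it does. If a port ever did differ, `pf_change_ap()` would update `pd->hdr.sctp` with no visible copy-back to the mbuf and with the CRC32c left stale, so the packet would presumably leave with the old ports or a bad checksum. Since the pf_lb.c changes in this diff keep SCTP ports as they are, the port comparison looks unreachable; either drop it or state the invariant, e.g. `KASSERT(nk->port[pd->sidx] == sport, ("%s: SCTP port translated", __func__));`. The hunk at `@@ -5855` carries the same port comparisons, and the enclosing switch starts and ends outside this hunk.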
@@ -5855,6 +5891,26 @@
(*state)->expire = time_uptime;
+ /* translate source/destination address, if necessary */
+ if ((*state)->key[PF_SK_WIRE] != (*state)->key[PF_SK_STACK]) {
+ uint16_t checksum = 0;
+ struct pf_state_key *nk = (*state)->key[pd->didx];
+
+ if (PF_ANEQ(pd->src, &nk->addr[pd->sidx], pd->af) ||
+ nk->port[pd->sidx] != pd->hdr.sctp.src_port) {
+ pf_change_ap(m, pd->src, &pd->hdr.sctp.src_port,
+ pd->ip_sum, &checksum, &nk->addr[pd->sidx],
+ nk->port[pd->sidx], 1, pd->af);
+ }
+
+ if (PF_ANEQ(pd->dst, &nk->addr[pd->didx], pd->af) ||
+ nk->port[pd->didx] != pd->hdr.sctp.dest_port) {
+ pf_change_ap(m, pd->dst, &pd->hdr.sctp.dest_port,
+ pd->ip_sum, &checksum, &nk->addr[pd->didx],
+ nk->port[pd->didx], 1, pd->af);
+ }
+ }
+
return (PF_PASS);
}
diff --git a/sys/netpfil/pf/pf_lb.c b/sys/netpfil/pf/pf_lb.c
--- a/sys/netpfil/pf/pf_lb.c
+++ b/sys/netpfil/pf/pf_lb.c
@@ -240,7 +240,15 @@
* port search; start random, step;
* similar 2 portloop in in_pcbbind
*/
- if (!(proto == IPPROTO_TCP || proto == IPPROTO_UDP ||
+ if (proto == IPPROTO_SCTP) {
+ key.port[1] = sport;
+ if (!pf_find_state_all_exists(&key, PF_IN)) {
+ *nport = sport;
+ return (0);
+ } else {
+ return (1); /* Fail mapping. */
+ }
+ } else if (!(proto == IPPROTO_TCP || proto == IPPROTO_UDP ||
proto == IPPROTO_ICMP) || (low == 0 && high == 0)) {
/*
* XXX bug: icmp states don't use the id on both sides.
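Review bot: The new `IPPROTO_SCTP` branch returns before the `low == 0 && high == 0` test and never looks at `low`/`high`, so a port range configured on the rule is silently ignored for SCTP, and the block comment above it ("port search; start random, step") no longer describes this path. When the source port is already claimed by an existing state the branch returns 1 instead of trying another port, so two internal hosts using the same source port, presumably toward the same destination, cannot both be mapped; that limit deserves a comment, for example `/* SCTP: keep the source port; a conflicting state fails the mapping. */`. The `else` after `return (0);` is redundant and could be a plain `return (1);`. The last hunk (`@@ -711`) skips `proxy_port` for SCTP in the same silent way, so rejecting or warning about such rules at load time would be a sensible follow-up. The enclosing loop starts outside this hunk.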
@@ -711,6 +719,10 @@
PF_POOLMASK(naddr, naddr, &r->rpool.cur->addr.v.a.mask,
daddr, pd->af);
+ /* Do not change SCTP ports. */
+ if (pd->proto == IPPROTO_SCTP)
+ break;
+
if (r->rpool.proxy_port[1]) {
uint32_t tmp_nport;
