Page MenuHomeFreeBSD
Files F108649463

D46597.diff
No OneTemporary
Actions

D46597.diff
View Options

diff --git a/sys/net/pfvar.h b/sys/net/pfvar.h
--- a/sys/net/pfvar.h
+++ b/sys/net/pfvar.h
@@ -2642,12 +2642,9 @@
struct pf_rule_actions *);
int pf_normalize_mss(struct mbuf *m, int off,
struct pf_pdesc *pd);
-#ifdef INET
-void pf_scrub_ip(struct mbuf *, struct pf_pdesc *);
-#endif /* INET */
-#ifdef INET6
-void pf_scrub_ip6(struct mbuf *, struct pf_pdesc *);
-#endif /* INET6 */
+#if defined(INET) || defined(INET6)
+void pf_scrub(struct mbuf *, struct pf_pdesc *);
+#endif
struct pfi_kkif *pf_kkif_create(int);
void pf_kkif_free(struct pfi_kkif *);
diff --git a/sys/netpfil/pf/pf.c b/sys/netpfil/pf/pf.c
--- a/sys/netpfil/pf/pf.c
+++ b/sys/netpfil/pf/pf.c
@@ -9221,7 +9221,7 @@
REASON_SET(&reason, PFRES_MEMORY);
}
- pf_scrub_ip(m, &pd);
+ pf_scrub(m, &pd);
if (pd.proto == IPPROTO_TCP && pd.act.max_mss)
pf_normalize_mss(m, off, &pd);
@@ -9676,7 +9676,7 @@
REASON_SET(&reason, PFRES_MEMORY);
}
- pf_scrub_ip6(m, &pd);
+ pf_scrub(m, &pd);
if (pd.proto == IPPROTO_TCP && pd.act.max_mss)
pf_normalize_mss(m, off, &pd);
diff --git a/sys/netpfil/pf/pf_norm.c b/sys/netpfil/pf/pf_norm.c
--- a/sys/netpfil/pf/pf_norm.c
+++ b/sys/netpfil/pf/pf_norm.c
@@ -2267,14 +2267,20 @@
return (PF_DROP);
}
-#ifdef INET
+#if defined(INET) || defined(INET6)
void
-pf_scrub_ip(struct mbuf *m, struct pf_pdesc *pd)
+pf_scrub(struct mbuf *m, struct pf_pdesc *pd)
{
+
struct ip *h = mtod(m, struct ip *);
+#ifdef INET6
+ struct ip6_hdr *h6 = mtod(m, struct ip6_hdr *);
+#endif
/* Clear IP_DF if no-df was requested */
- if (pd->act.flags & PFSTATE_NODF && h->ip_off & htons(IP_DF)) {
+ if (pd->af == AF_INET && pd->act.flags & PFSTATE_NODF &&
+ h->ip_off & htons(IP_DF))
+ {
u_int16_t ip_off = h->ip_off;
h->ip_off &= htons(~IP_DF);
@@ -2282,48 +2288,44 @@
}
/* Enforce a minimum ttl, may cause endless packet loops */
- if (pd->act.min_ttl && h->ip_ttl < pd->act.min_ttl) {
+ if (pd->af == AF_INET && pd->act.min_ttl &&
+ h->ip_ttl < pd->act.min_ttl) {
u_int16_t ip_ttl = h->ip_ttl;
h->ip_ttl = pd->act.min_ttl;
h->ip_sum = pf_cksum_fixup(h->ip_sum, ip_ttl, h->ip_ttl, 0);
}
-
+#ifdef INET6
+ /* Enforce a minimum ttl, may cause endless packet loops */
+ if (pd->af == AF_INET6 && pd->act.min_ttl &&
+ h6->ip6_hlim < pd->act.min_ttl)
+ h6->ip6_hlim = pd->act.min_ttl;
+#endif
/* Enforce tos */
if (pd->act.flags & PFSTATE_SETTOS) {
- u_int16_t ov, nv;
+ if (pd->af == AF_INET) {
+ u_int16_t ov, nv;
- ov = *(u_int16_t *)h;
- h->ip_tos = pd->act.set_tos | (h->ip_tos & IPTOS_ECN_MASK);
- nv = *(u_int16_t *)h;
+ ov = *(u_int16_t *)h;
+ h->ip_tos = pd->act.set_tos | (h->ip_tos & IPTOS_ECN_MASK);
+ nv = *(u_int16_t *)h;
- h->ip_sum = pf_cksum_fixup(h->ip_sum, ov, nv, 0);
+ h->ip_sum = pf_cksum_fixup(h->ip_sum, ov, nv, 0);
+#ifdef INET6
+ } else if (pd->af == AF_INET6) {
+ h6->ip6_flow &= IPV6_FLOWLABEL_MASK | IPV6_VERSION_MASK;
+ h6->ip6_flow |= htonl((pd->act.set_tos | IPV6_ECN(h6)) << 20);
+#endif
+ }
}
/* random-id, but not for fragments */
- if (pd->act.flags & PFSTATE_RANDOMID && !(h->ip_off & ~htons(IP_DF))) {
+ if (pd->af == AF_INET &&
+ pd->act.flags & PFSTATE_RANDOMID && !(h->ip_off & ~htons(IP_DF))) {
uint16_t ip_id = h->ip_id;
ip_fillid(h);
h->ip_sum = pf_cksum_fixup(h->ip_sum, ip_id, h->ip_id, 0);
}
}
-#endif /* INET */
-
-#ifdef INET6
-void
-pf_scrub_ip6(struct mbuf *m, struct pf_pdesc *pd)
-{
- struct ip6_hdr *h = mtod(m, struct ip6_hdr *);
-
- /* Enforce a minimum ttl, may cause endless packet loops */
- if (pd->act.min_ttl && h->ip6_hlim < pd->act.min_ttl)
- h->ip6_hlim = pd->act.min_ttl;
-
- /* Enforce tos. Set traffic class bits */
- if (pd->act.flags & PFSTATE_SETTOS) {
- h->ip6_flow &= IPV6_FLOWLABEL_MASK | IPV6_VERSION_MASK;
- h->ip6_flow |= htonl((pd->act.set_tos | IPV6_ECN(h)) << 20);
- }
-}
#endif

File Metadata

Mime Type
text/plain
Expires
Tue, Jan 28, 2:04 AM (10 h, 16 m)
Storage Engine
blob
Storage Format
Raw Data
Storage Handle
16237554
Default Alt Text
D46597.diff (3 KB)

Event Timeline