Date: Mon, 5 Feb 2007 12:37:20 GMT From: Paolo Pisati <piso@FreeBSD.org> To: Perforce Change Reviews <perforce@freebsd.org> Subject: PERFORCE change 114048 for review Message-ID: <200702051237.l15CbKki024527@repoman.freebsd.org>
http://perforce.freebsd.org/chv.cgi?CH=114048 Change 114048 by piso@piso_newluxor on 2007/02/05 12:36:19 Update ipfw and ng_nat to the new libalias API: the code is still broken as we've to pass pass down a **mbuf to let libalias manipulate it and return to the caller. Affected files ... .. //depot/projects/soc2005/libalias/sys/netgraph/ng_nat.c#7 edit .. //depot/projects/soc2005/libalias/sys/netinet/ip_fw2.c#40 edit Differences ... ==== //depot/projects/soc2005/libalias/sys/netgraph/ng_nat.c#7 (text+ko) ==== @@ -204,7 +204,6 @@ struct mbuf *m; struct ip *ip; int rval, error = 0; - char *c; if (!(priv->flags & NGNAT_READY)) { NG_FREE_ITEM(item); @@ -213,7 +212,7 @@ m = NGI_M(item); - if ((m = m_megapullup(m, m->m_pkthdr.len)) == NULL) { + if ((m = m_pullup(m, sizeof(struct ip))) == NULL) { NGI_M(item) = NULL; /* avoid double free */ NG_FREE_ITEM(item); return (ENOBUFS); @@ -221,21 +220,20 @@ NGI_M(item) = m; - c = mtod(m, char *); ip = mtod(m, struct ip *); KASSERT(m->m_pkthdr.len == ntohs(ip->ip_len), ("ng_nat: ip_len != m_pkthdr.len")); if (hook == priv->in) { - rval = LibAliasIn(priv->lib, c, MCLBYTES); + rval = LibAliasIn(priv->lib, m, MCLBYTES); if (rval != PKT_ALIAS_OK && rval != PKT_ALIAS_FOUND_HEADER_FRAGMENT) { NG_FREE_ITEM(item); return (EINVAL); } } else if (hook == priv->out) { - rval = LibAliasOut(priv->lib, c, MCLBYTES); + rval = LibAliasOut(priv->lib, m, MCLBYTES); if (rval != PKT_ALIAS_OK) { NG_FREE_ITEM(item); return (EINVAL); 
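Review bot: In the ng_nat.c hunk at -221, `LibAliasIn(priv->lib, m, MCLBYTES)` and `LibAliasOut(priv->lib, m, MCLBYTES)` still pass `MCLBYTES` as the available size, but the preceding hunk replaced `m_megapullup()` with `m_pullup(m, sizeof(struct ip))`, so the packet is no longer guaranteed to sit in one contiguous cluster of that size. If the new libalias entry points treat that argument as a bound when they rewrite or grow a payload (their implementation is not visible here, so this is an assumption), the bound overstates the contiguous writable space. Either pass a limit libalias can check against the chain, or state the contract next to the calls, e.g. `/* XXX: MCLBYTES is a leftover bound; m is a chain and only the IP header is contiguous */`. The calls in ip_fw2.c at -3555 have the same issue, and the enclosing function starts and ends outside this hunk.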
@@ -243,11 +241,26 @@ } else panic("ng_nat: unknown hook!\n"); + if ((m = m_pullup(m, sizeof(struct ip))) == NULL) { + NGI_M(item) = NULL; /* avoid double free */ + NG_FREE_ITEM(item); + return (ENOBUFS); + } + ip = mtod(m, struct ip *); m->m_pkthdr.len = m->m_len = ntohs(ip->ip_len); if ((ip->ip_off & htons(IP_OFFMASK)) == 0 && - ip->ip_p == IPPROTO_TCP) { - struct tcphdr *th = (struct tcphdr *)((caddr_t)ip + + ip->ip_p == IPPROTO_TCP) { + struct tcphdr *th; + + if ((m = m_pullup(m, (ip->ip_hl << 2) + sizeof(struct tcphdr))) + == NULL) { + NGI_M(item) = NULL; /* avoid double free */ + NG_FREE_ITEM(item); + return (ENOBUFS); + } + ip = mtod(m, struct ip *); + th = (struct tcphdr *)((caddr_t)ip + (ip->ip_hl << 2)); /* ==== //depot/projects/soc2005/libalias/sys/netinet/ip_fw2.c#40 (text+ko) ==== @@ -3480,10 +3480,8 @@ #ifdef IPFIREWALL_NAT case O_NAT: { struct cfg_nat *t; - struct mbuf *mcl; /* XXX - libalias duct tape */ - int ldt; - char *c; + int ldt; ldt = 0; args->rule = f; /* Report matching rule. */ @@ -3498,10 +3496,9 @@ ((ipfw_insn_nat *)cmd)->nat = t; } - if ((mcl = m_megapullup(m, m->m_pkthdr.len)) == - NULL) + if ((m = m_pullup(m, sizeof(struct ip))) == NULL) goto badnat; - ip = mtod(mcl, struct ip *); + ip = mtod(m, struct ip *); if (args->eh == NULL) { ip->ip_len = htons(ip->ip_len); ip->ip_off = htons(ip->ip_off); 
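Review bot: In the ng_nat.c hunk at -243, `m->m_pkthdr.len = m->m_len = ntohs(ip->ip_len);` is no longer safe after the new `m_pullup(m, sizeof(struct ip))`, because only the IP header is guaranteed contiguous and the first mbuf may hold far fewer bytes than `ip_len`. Setting `m_len` from a packet-supplied field lets later code read past the first mbuf's data, and it can make the TCP-header `m_pullup()` that follows ineffective, since that call trusts `m_len`. Drop the `m->m_len =` part and keep `m->m_pkthdr.len = ntohs(ip->ip_len);`, provided libalias keeps the chain lengths consistent, which is not visible here. The same assignment appears in the ip_fw2.c hunk at -3555. The visible lines also never store the `m` returned by these two pullups back with `NGI_M(item) = m;` as the first pullup does; the function continues outside the hunk, so confirm that happens before the item is forwarded.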
@@ -3555,27 +3552,29 @@ * it can handle delayed checksum and tso) */ - if (mcl->m_pkthdr.rcvif == NULL && - mcl->m_pkthdr.csum_flags & + if (m->m_pkthdr.rcvif == NULL && + m->m_pkthdr.csum_flags & CSUM_DELAY_DATA) ldt = 1; - c = mtod(mcl, char *); if (oif == NULL) - retval = LibAliasIn(t->lib, c, + retval = LibAliasIn(t->lib, m, MCLBYTES); else - retval = LibAliasOut(t->lib, c, + retval = LibAliasOut(t->lib, m, MCLBYTES); if (retval != PKT_ALIAS_OK) { /* XXX - should i add some logging? */ - m_free(mcl); + m_free(m); badnat: args->m = NULL; retval = IP_FW_DENY; goto done; } - mcl->m_pkthdr.len = mcl->m_len = + if ((m = m_pullup(m, sizeof(struct ip))) == NULL) + goto badnat; + ip = mtod(m, struct ip *); + m->m_pkthdr.len = m->m_len = ntohs(ip->ip_len); /* @@ -3587,8 +3586,12 @@ ip->ip_p == IPPROTO_TCP) { struct tcphdr *th; + if ((m = m_pullup(m, (ip->ip_hl << 2) + + sizeof(struct tcphdr))) == NULL) + goto badnat; + ip = mtod(m, struct ip *); th = (struct tcphdr *)(ip + 1); - if (th->th_x2) + if (th->th_x2) ldt = 1; } @@ -3607,6 +3610,12 @@ switch (ip->ip_p) { case IPPROTO_TCP: + if ((m = m_pullup(m, + (ip->ip_hl << 2) + + sizeof(struct tcphdr))) == + NULL) + goto badnat; + ip = mtod(m, struct ip *); th = (struct tcphdr *)(ip + 1); /* * Maybe it was set in 
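Review bot: On the `retval != PKT_ALIAS_OK` path in the ip_fw2.c hunk at -3555, `m_free(m)` releases only the first mbuf. That was enough while `m_megapullup()` had made the whole packet contiguous, but after `m_pullup(m, sizeof(struct ip))` the packet can still be a chain, so the remaining mbufs would leak on every rejected packet; use `m_freem(m);` instead. The `badnat:` label sits after the free, so the `goto badnat` paths taken when `m_pullup()` fails (and has already freed the chain) stay correct with that change.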
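Review bot: In the hunk at -3587 the new pullup length uses `(ip->ip_hl << 2)`, but the TCP header pointer on the following line is still `th = (struct tcphdr *)(ip + 1);`, which is only correct for a 20-byte IP header. For a packet carrying IP options, `th->th_x2` is then read from the option bytes rather than from the TCP header. Compute the pointer the way ng_nat.c does, `th = (struct tcphdr *)((caddr_t)ip + (ip->ip_hl << 2));`. The TCP and UDP cases in the hunks at -3607 and -3614 also use `ip + 1`, and there the result is written through (`th->th_sum = cksum;`, `uh->uh_sum = cksum;`).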
@@ -3614,26 +3623,32 @@ */ th->th_x2 = 0; th->th_sum = cksum; - mcl->m_pkthdr.csum_data = + m->m_pkthdr.csum_data = offsetof(struct tcphdr, th_sum); break; case IPPROTO_UDP: + if ((m = m_pullup(m, + (ip->ip_hl << 2) + + sizeof(struct tcphdr))) == + NULL) + goto badnat; + ip = mtod(m, struct ip *); uh = (struct udphdr *)(ip + 1); uh->uh_sum = cksum; - mcl->m_pkthdr.csum_data = + m->m_pkthdr.csum_data = offsetof(struct udphdr, uh_sum); - break; + break; } /* * No hw checksum offloading: do it * by ourself. */ - if ((mcl->m_pkthdr.csum_flags & + if ((m->m_pkthdr.csum_flags & CSUM_DELAY_DATA) == 0) { - in_delayed_cksum(mcl); - mcl->m_pkthdr.csum_flags &= + in_delayed_cksum(m); + m->m_pkthdr.csum_flags &= ~CSUM_DELAY_DATA; } ip->ip_len = htons(ip->ip_len); @@ -3644,7 +3659,7 @@ ip->ip_off = ntohs(ip->ip_off); } - args->m = mcl; + args->m = m; retval = IP_FW_NAT; goto done; }
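Review bot: The `IPPROTO_UDP` case in the hunk at -3614 pulls up `(ip->ip_hl << 2) + sizeof(struct tcphdr)`, which looks like a copy of the TCP case. A UDP header is shorter, so for a datagram with a small payload the request can exceed the packet length, `m_pullup()` fails, and a valid packet is dropped through `badnat`. Use the UDP header size instead: `if ((m = m_pullup(m, (ip->ip_hl << 2) + sizeof(struct udphdr))) == NULL)`. This pullup is the only length check before `uh->uh_sum = cksum;`, so its size should match the header that is actually written.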