From owner-p4-projects@FreeBSD.ORG Mon Feb 5 12:37:41 2007 Return-Path: X-Original-To: p4-projects@freebsd.org Delivered-To: p4-projects@freebsd.org Received: by hub.freebsd.org (Postfix, from userid 32767) id EA36B16A41B; Mon, 5 Feb 2007 12:37:22 +0000 (UTC) X-Original-To: perforce@freebsd.org Delivered-To: perforce@freebsd.org Received: from mx1.freebsd.org (mx1.freebsd.org [69.147.83.52]) by hub.freebsd.org (Postfix) with ESMTP id CA71116A40D for ; Mon, 5 Feb 2007 12:37:20 +0000 (UTC) (envelope-from piso@freebsd.org) Received: from repoman.freebsd.org (repoman.freebsd.org [69.147.83.41]) by mx1.freebsd.org (Postfix) with ESMTP id AEA3513C4A5 for ; Mon, 5 Feb 2007 12:37:20 +0000 (UTC) (envelope-from piso@freebsd.org) Received: from repoman.freebsd.org (localhost [127.0.0.1]) by repoman.freebsd.org (8.13.6/8.13.6) with ESMTP id l15CbKbK024530 for ; Mon, 5 Feb 2007 12:37:20 GMT (envelope-from piso@freebsd.org) Received: (from perforce@localhost) by repoman.freebsd.org (8.13.6/8.13.4/Submit) id l15CbKki024527 for perforce@freebsd.org; Mon, 5 Feb 2007 12:37:20 GMT (envelope-from piso@freebsd.org) Date: Mon, 5 Feb 2007 12:37:20 GMT Message-Id: <200702051237.l15CbKki024527@repoman.freebsd.org> X-Authentication-Warning: repoman.freebsd.org: perforce set sender to piso@freebsd.org using -f 
From: Paolo Pisati To: Perforce Change Reviews Cc: Subject: PERFORCE change 114048 for review X-BeenThere: p4-projects@freebsd.org X-Mailman-Version: 2.1.5 Precedence: list List-Id: p4 projects tree changes List-Unsubscribe: , List-Archive: List-Post: List-Help: List-Subscribe: , X-List-Received-Date: Mon, 05 Feb 2007 12:37:41 -0000 http://perforce.freebsd.org/chv.cgi?CH=114048 Change 114048 by piso@piso_newluxor on 2007/02/05 12:36:19 Update ipfw and ng_nat to the new libalias API: the code is still broken as we've to pass pass down a **mbuf to let libalias manipulate it and return to the caller. Affected files ... .. //depot/projects/soc2005/libalias/sys/netgraph/ng_nat.c#7 edit .. //depot/projects/soc2005/libalias/sys/netinet/ip_fw2.c#40 edit Differences ... ==== //depot/projects/soc2005/libalias/sys/netgraph/ng_nat.c#7 (text+ko) ==== @@ -204,7 +204,6 @@ struct mbuf *m; struct ip *ip; int rval, error = 0; - char *c; if (!(priv->flags & NGNAT_READY)) { NG_FREE_ITEM(item); @@ -213,7 +212,7 @@ m = NGI_M(item); - if ((m = m_megapullup(m, m->m_pkthdr.len)) == NULL) { + if ((m = m_pullup(m, sizeof(struct ip))) == NULL) { NGI_M(item) = NULL; /* avoid double free */ NG_FREE_ITEM(item); return (ENOBUFS); @@ -221,21 +220,20 @@ NGI_M(item) = m; - c = mtod(m, char *); ip = mtod(m, struct ip *); KASSERT(m->m_pkthdr.len == ntohs(ip->ip_len), ("ng_nat: ip_len != m_pkthdr.len")); if (hook == priv->in) { - rval = LibAliasIn(priv->lib, c, MCLBYTES); + rval = LibAliasIn(priv->lib, m, MCLBYTES); if (rval != PKT_ALIAS_OK && rval != PKT_ALIAS_FOUND_HEADER_FRAGMENT) { NG_FREE_ITEM(item); return (EINVAL); } } else if (hook == priv->out) { - rval = LibAliasOut(priv->lib, c, MCLBYTES); + rval = LibAliasOut(priv->lib, m, MCLBYTES); if (rval != PKT_ALIAS_OK) { NG_FREE_ITEM(item); return (EINVAL); 
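Review bot: In the ng_nat.c hunk at -221, `LibAliasIn(priv->lib, m, MCLBYTES)` and `LibAliasOut(priv->lib, m, MCLBYTES)` take the mbuf by value while `NGI_M(item)` keeps the same pointer. If libalias frees or replaces the head mbuf, the `NG_FREE_ITEM(item)` on the error path would release a stale pointer. The commit message says the `**mbuf` change is still pending, but nothing in the code marks the hazard; I would add above both calls `/* XXX: libalias may free or replace m; m and NGI_M(item) can be stale after this call until the API takes struct mbuf ** */`. `MCLBYTES` described the capacity of the contiguous cluster that m_megapullup produced, and after the switch to `m_pullup(m, sizeof(struct ip))` it no longer bounds any buffer the callee sees, so it deserves a comment or a real limit. The enclosing function starts and ends outside the hunk.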
@@ -243,11 +241,26 @@ } else panic("ng_nat: unknown hook!\n"); + if ((m = m_pullup(m, sizeof(struct ip))) == NULL) { + NGI_M(item) = NULL; /* avoid double free */ + NG_FREE_ITEM(item); + return (ENOBUFS); + } + ip = mtod(m, struct ip *); m->m_pkthdr.len = m->m_len = ntohs(ip->ip_len); if ((ip->ip_off & htons(IP_OFFMASK)) == 0 && - ip->ip_p == IPPROTO_TCP) { - struct tcphdr *th = (struct tcphdr *)((caddr_t)ip + + ip->ip_p == IPPROTO_TCP) { + struct tcphdr *th; + + if ((m = m_pullup(m, (ip->ip_hl << 2) + sizeof(struct tcphdr))) + == NULL) { + NGI_M(item) = NULL; /* avoid double free */ + NG_FREE_ITEM(item); + return (ENOBUFS); + } + ip = mtod(m, struct ip *); + th = (struct tcphdr *)((caddr_t)ip + (ip->ip_hl << 2)); /* ==== //depot/projects/soc2005/libalias/sys/netinet/ip_fw2.c#40 (text+ko) ==== @@ -3480,10 +3480,8 @@ #ifdef IPFIREWALL_NAT case O_NAT: { struct cfg_nat *t; - struct mbuf *mcl; /* XXX - libalias duct tape */ - int ldt; - char *c; + int ldt; ldt = 0; args->rule = f; /* Report matching rule. */ @@ -3498,10 +3496,9 @@ ((ipfw_insn_nat *)cmd)->nat = t; } - if ((mcl = m_megapullup(m, m->m_pkthdr.len)) == - NULL) + if ((m = m_pullup(m, sizeof(struct ip))) == NULL) goto badnat; - ip = mtod(mcl, struct ip *); + ip = mtod(m, struct ip *); if (args->eh == NULL) { ip->ip_len = htons(ip->ip_len); ip->ip_off = htons(ip->ip_off); 
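Review bot: In the ng_nat.c hunk at -243, `m->m_pkthdr.len = m->m_len = ntohs(ip->ip_len);` now runs after `m_pullup(m, sizeof(struct ip))`, which only makes the IP header contiguous. Unlike the old m_megapullup result, m may be a chain, so storing the whole packet length in the first mbuf's `m_len` claims bytes that mbuf may not hold, and later readers can run past its data. I would keep the `m_len` store for the single-mbuf case only, e.g. `if (m->m_next == NULL) m->m_len = ntohs(ip->ip_len);`, and leave per-mbuf lengths of a chain to the code that changed the packet; the same assignment appears in the ip_fw2.c hunk at -3555. The two added m_pullup() calls can also return a different head mbuf, and within the visible lines `NGI_M(item)` is not refreshed on success the way it is after the first pullup (`NGI_M(item) = m;`). The function continues outside the hunk, so that refresh may already happen later.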
@@ -3555,27 +3552,29 @@ * it can handle delayed checksum and tso) */ - if (mcl->m_pkthdr.rcvif == NULL && - mcl->m_pkthdr.csum_flags & + if (m->m_pkthdr.rcvif == NULL && + m->m_pkthdr.csum_flags & CSUM_DELAY_DATA) ldt = 1; - c = mtod(mcl, char *); if (oif == NULL) - retval = LibAliasIn(t->lib, c, + retval = LibAliasIn(t->lib, m, MCLBYTES); else - retval = LibAliasOut(t->lib, c, + retval = LibAliasOut(t->lib, m, MCLBYTES); if (retval != PKT_ALIAS_OK) { /* XXX - should i add some logging? */ - m_free(mcl); + m_free(m); badnat: args->m = NULL; retval = IP_FW_DENY; goto done; } - mcl->m_pkthdr.len = mcl->m_len = + if ((m = m_pullup(m, sizeof(struct ip))) == NULL) + goto badnat; + ip = mtod(m, struct ip *); + m->m_pkthdr.len = m->m_len = ntohs(ip->ip_len); /* @@ -3587,8 +3586,12 @@ ip->ip_p == IPPROTO_TCP) { struct tcphdr *th; + if ((m = m_pullup(m, (ip->ip_hl << 2) + + sizeof(struct tcphdr))) == NULL) + goto badnat; + ip = mtod(m, struct ip *); th = (struct tcphdr *)(ip + 1); - if (th->th_x2) + if (th->th_x2) ldt = 1; } @@ -3607,6 +3610,12 @@ switch (ip->ip_p) { case IPPROTO_TCP: + if ((m = m_pullup(m, + (ip->ip_hl << 2) + + sizeof(struct tcphdr))) == + NULL) + goto badnat; + ip = mtod(m, struct ip *); th = (struct tcphdr *)(ip + 1); /* * Maybe it was set in 
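Review bot: On the failure path in the ip_fw2.c hunk at -3555, `m_free(m)` releases only the first mbuf. That was enough for the single cluster m_megapullup returned, but after `m_pullup(m, sizeof(struct ip))` m can be a chain, and the remaining mbufs would leak every time NAT rejects a packet. `m_freem(m);` frees the whole chain. This assumes libalias has not already freed or replaced m on failure, which the by-value call cannot report to the caller. The O_NAT case starts and ends outside the hunk.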
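Review bot: In the hunk at -3587 the added pullup sizes the contiguous area with `(ip->ip_hl << 2) + sizeof(struct tcphdr)`, but the next line still locates the TCP header with `th = (struct tcphdr *)(ip + 1);`, which is only right when the IP header carries no options. With options present, the `th->th_x2` test here and the stores through `th` and `uh` in the hunks at -3607 and -3614 land inside the option bytes instead of the transport header. Using the expression ng_nat.c already uses, `th = (struct tcphdr *)((caddr_t)ip + (ip->ip_hl << 2));` (and the `struct udphdr *` equivalent), keeps the pointer consistent with the pullup length. Whether `ip_hl` has been range-checked before this point is not visible in the hunk.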
@@ -3614,26 +3623,32 @@ */ th->th_x2 = 0; th->th_sum = cksum; - mcl->m_pkthdr.csum_data = + m->m_pkthdr.csum_data = offsetof(struct tcphdr, th_sum); break; case IPPROTO_UDP: + if ((m = m_pullup(m, + (ip->ip_hl << 2) + + sizeof(struct tcphdr))) == + NULL) + goto badnat; + ip = mtod(m, struct ip *); uh = (struct udphdr *)(ip + 1); uh->uh_sum = cksum; - mcl->m_pkthdr.csum_data = + m->m_pkthdr.csum_data = offsetof(struct udphdr, uh_sum); - break; + break; } /* * No hw checksum offloading: do it * by ourself. */ - if ((mcl->m_pkthdr.csum_flags & + if ((m->m_pkthdr.csum_flags & CSUM_DELAY_DATA) == 0) { - in_delayed_cksum(mcl); - mcl->m_pkthdr.csum_flags &= + in_delayed_cksum(m); + m->m_pkthdr.csum_flags &= ~CSUM_DELAY_DATA; } ip->ip_len = htons(ip->ip_len); @@ -3644,7 +3659,7 @@ ip->ip_off = ntohs(ip->ip_off); } - args->m = mcl; + args->m = m; retval = IP_FW_NAT; goto done; }
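Review bot: The `IPPROTO_UDP` case in the hunk at -3614 pulls up `(ip->ip_hl << 2) + sizeof(struct tcphdr)` bytes, which is 12 more than a UDP header needs. A well-formed datagram with a payload shorter than that makes m_pullup() fail, and the packet is dropped through `badnat`. The length should be `(ip->ip_hl << 2) + sizeof(struct udphdr)`. The switch statement starts in the previous hunk and the O_NAT case continues past this one.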