Date: Thu, 12 Apr 2012 12:15:15 +0000 (UTC) From: Gleb Smirnoff <glebius@FreeBSD.org> To: src-committers@freebsd.org, svn-src-projects@freebsd.org Subject: svn commit: r234175 - projects/pf/head/sys/contrib/pf/net Message-ID: <201204121215.q3CCFFJp027825@svn.freebsd.org>
next in thread | raw e-mail | index | archive | help
Author: glebius Date: Thu Apr 12 12:15:15 2012 New Revision: 234175 URL: http://svn.freebsd.org/changeset/base/234175 Log: Neither our pfil(9) supply the Ethernet header of packet, nor our ip_output() accepts it, so there is no reason to push around that always NULL pointers. Remove them, as well as code that never executes. Modified: projects/pf/head/sys/contrib/pf/net/pf.c projects/pf/head/sys/contrib/pf/net/pf_ioctl.c projects/pf/head/sys/contrib/pf/net/pfvar.h Modified: projects/pf/head/sys/contrib/pf/net/pf.c ============================================================================== --- projects/pf/head/sys/contrib/pf/net/pf.c Thu Apr 12 11:27:09 2012 (r234174) +++ projects/pf/head/sys/contrib/pf/net/pf.c Thu Apr 12 12:15:15 2012 (r234175) @@ -183,7 +183,7 @@ static void pf_send_tcp(struct mbuf *, const struct pf_addr *, const struct pf_addr *, u_int16_t, u_int16_t, u_int32_t, u_int32_t, u_int8_t, u_int16_t, u_int16_t, u_int8_t, int, - u_int16_t, struct ether_header *, struct ifnet *); + u_int16_t, struct ifnet *); static void pf_send_icmp(struct mbuf *, u_int8_t, u_int8_t, sa_family_t, struct pf_rule *); static void pf_detach_state(struct pf_state *); @@ -1338,7 +1338,7 @@ pf_unlink_state(struct pf_state *s, u_in s->key[PF_SK_WIRE]->port[1], s->key[PF_SK_WIRE]->port[0], s->src.seqhi, s->src.seqlo + 1, - TH_RST|TH_ACK, 0, 0, 0, 1, s->tag, NULL, NULL); + TH_RST|TH_ACK, 0, 0, 0, 1, s->tag, NULL); } LIST_REMOVE(s, entry); @@ -1949,7 +1949,7 @@ pf_send_tcp(struct mbuf *replyto, const const struct pf_addr *saddr, const struct pf_addr *daddr, u_int16_t sport, u_int16_t dport, u_int32_t seq, u_int32_t ack, u_int8_t flags, u_int16_t win, u_int16_t mss, u_int8_t ttl, int tag, - u_int16_t rtag, struct ether_header *eh, struct ifnet *ifp) + u_int16_t rtag, struct ifnet *ifp) { struct mbuf *m; int len, tlen; @@ -2096,33 +2096,9 @@ pf_send_tcp(struct mbuf *replyto, const h->ip_len = len; h->ip_ttl = ttl ? ttl : V_ip_defttl; h->ip_sum = 0; - if (eh == NULL) { - PF_UNLOCK(); - ip_output(m, (void *)NULL, (void *)NULL, 0, - (void *)NULL, (void *)NULL); - PF_LOCK(); - } else { - struct route ro; - struct rtentry rt; - struct ether_header *e = (void *)ro.ro_dst.sa_data; - - if (ifp == NULL) { - m_freem(m); - return; - } - rt.rt_ifp = ifp; - ro.ro_rt = &rt; - ro.ro_dst.sa_len = sizeof(ro.ro_dst); - ro.ro_dst.sa_family = pseudo_AF_HDRCMPLT; - bcopy(eh->ether_dhost, e->ether_shost, ETHER_ADDR_LEN); - bcopy(eh->ether_shost, e->ether_dhost, ETHER_ADDR_LEN); - e->ether_type = eh->ether_type; - PF_UNLOCK(); - /* XXX_IMPORT: later */ - ip_output(m, (void *)NULL, &ro, 0, - (void *)NULL, (void *)NULL); - PF_LOCK(); - } + PF_UNLOCK(); + ip_output(m, NULL, NULL, 0, NULL, NULL); + PF_LOCK(); break; #endif /* INET */ #ifdef INET6 @@ -3147,7 +3123,7 @@ pf_test_rule(struct pf_rule **rm, struct pf_send_tcp(m, r, af, pd->dst, pd->src, th->th_dport, th->th_sport, ntohl(th->th_ack), ack, TH_RST|TH_ACK, 0, 0, - r->return_ttl, 1, 0, pd->eh, kif->pfik_ifp); + r->return_ttl, 1, 0, kif->pfik_ifp); } } else if (pd->proto != IPPROTO_ICMP && af == AF_INET && r->return_icmp) @@ -3410,7 +3386,7 @@ pf_create_state(struct pf_rule *r, struc s->src.mss = mss; pf_send_tcp(NULL, r, pd->af, pd->dst, pd->src, th->th_dport, th->th_sport, s->src.seqhi, ntohl(th->th_seq) + 1, - TH_SYN|TH_ACK, 0, s->src.mss, 0, 1, 0, NULL, NULL); + TH_SYN|TH_ACK, 0, s->src.mss, 0, 1, 0, NULL); REASON_SET(&reason, PFRES_SYNPROXY); return (PF_SYNPROXY_DROP); } @@ -3825,7 +3801,7 @@ pf_tcp_track_full(struct pf_state_peer * th->th_sport, ntohl(th->th_ack), 0, TH_RST, 0, 0, (*state)->rule.ptr->return_ttl, 1, 0, - pd->eh, kif->pfik_ifp); + kif->pfik_ifp); src->seqlo = 0; src->seqhi = 1; src->max_win = 1; @@ -3978,8 +3954,7 @@ pf_test_state_tcp(struct pf_state **stat pf_send_tcp(NULL, (*state)->rule.ptr, pd->af, pd->dst, pd->src, th->th_dport, th->th_sport, (*state)->src.seqhi, ntohl(th->th_seq) + 1, - TH_SYN|TH_ACK, 0, (*state)->src.mss, 0, 1, - 0, NULL, NULL); + TH_SYN|TH_ACK, 0, (*state)->src.mss, 0, 1, 0, NULL); REASON_SET(reason, PFRES_SYNPROXY); return (PF_SYNPROXY_DROP); } else if (!(th->th_flags & TH_ACK) || @@ -4009,7 +3984,7 @@ pf_test_state_tcp(struct pf_state **stat &sk->addr[pd->sidx], &sk->addr[pd->didx], sk->port[pd->sidx], sk->port[pd->didx], (*state)->dst.seqhi, 0, TH_SYN, 0, - (*state)->src.mss, 0, 0, (*state)->tag, NULL, NULL); + (*state)->src.mss, 0, 0, (*state)->tag, NULL); REASON_SET(reason, PFRES_SYNPROXY); return (PF_SYNPROXY_DROP); } else if (((th->th_flags & (TH_SYN|TH_ACK)) != @@ -4024,13 +3999,12 @@ pf_test_state_tcp(struct pf_state **stat pd->src, th->th_dport, th->th_sport, ntohl(th->th_ack), ntohl(th->th_seq) + 1, TH_ACK, (*state)->src.max_win, 0, 0, 0, - (*state)->tag, NULL, NULL); + (*state)->tag, NULL); pf_send_tcp(NULL, (*state)->rule.ptr, pd->af, &sk->addr[pd->sidx], &sk->addr[pd->didx], sk->port[pd->sidx], sk->port[pd->didx], (*state)->src.seqhi + 1, (*state)->src.seqlo + 1, - TH_ACK, (*state)->dst.max_win, 0, 0, 1, - 0, NULL, NULL); + TH_ACK, (*state)->dst.max_win, 0, 0, 1, 0, NULL); (*state)->src.seqdiff = (*state)->dst.seqhi - (*state)->src.seqlo; (*state)->dst.seqdiff = (*state)->src.seqhi - @@ -5143,7 +5117,7 @@ pf_route(struct mbuf **m, struct pf_rule if (oifp != ifp) { PF_UNLOCK(); - if (pf_test(PF_OUT, ifp, &m0, NULL, NULL) != PF_PASS) { + if (pf_test(PF_OUT, ifp, &m0, NULL) != PF_PASS) { PF_LOCK(); goto bad; } else if (m0 == NULL) { @@ -5333,7 +5307,7 @@ pf_route6(struct mbuf **m, struct pf_rul if (oifp != ifp) { PF_UNLOCK(); - if (pf_test6(PF_OUT, ifp, &m0, NULL, NULL) != PF_PASS) { + if (pf_test6(PF_OUT, ifp, &m0, NULL) != PF_PASS) { PF_LOCK(); goto bad; } else if (m0 == NULL) { @@ -5517,8 +5491,7 @@ pf_check_proto_cksum(struct mbuf *m, int #ifdef INET int -pf_test(int dir, struct ifnet *ifp, struct mbuf **m0, - struct ether_header *eh, struct inpcb *inp) +pf_test(int dir, struct ifnet *ifp, struct mbuf **m0, struct inpcb *inp) { struct pfi_kif *kif; u_short action, reason = 0, log = 0; @@ -5605,7 +5578,6 @@ pf_test(int dir, struct ifnet *ifp, stru pd.af = AF_INET; pd.tos = h->ip_tos; pd.tot_len = ntohs(h->ip_len); - pd.eh = eh; /* handle fragments that didn't get reassembled by normalization */ if (h->ip_off & htons(IP_MF | IP_OFFMASK)) { @@ -5880,8 +5852,7 @@ done: #ifdef INET6 int -pf_test6(int dir, struct ifnet *ifp, struct mbuf **m0, - struct ether_header *eh, struct inpcb *inp) +pf_test6(int dir, struct ifnet *ifp, struct mbuf **m0, struct inpcb *inp) { struct pfi_kif *kif; u_short action, reason = 0, log = 0; @@ -5959,7 +5930,6 @@ pf_test6(int dir, struct ifnet *ifp, str pd.af = AF_INET6; pd.tos = 0; pd.tot_len = ntohs(h->ip6_plen) + sizeof(struct ip6_hdr); - pd.eh = eh; off = ((caddr_t)h - m->m_data) + sizeof(struct ip6_hdr); pd.proto = h->ip6_nxt; Modified: projects/pf/head/sys/contrib/pf/net/pf_ioctl.c ============================================================================== --- projects/pf/head/sys/contrib/pf/net/pf_ioctl.c Thu Apr 12 11:27:09 2012 (r234174) +++ projects/pf/head/sys/contrib/pf/net/pf_ioctl.c Thu Apr 12 12:15:15 2012 (r234175) @@ -3538,7 +3538,7 @@ pf_check_in(void *arg, struct mbuf **m, HTONS(h->ip_off); } CURVNET_SET(ifp->if_vnet); - chk = pf_test(PF_IN, ifp, m, NULL, inp); + chk = pf_test(PF_IN, ifp, m, inp); CURVNET_RESTORE(); if (chk && *m) { m_freem(*m); @@ -3580,7 +3580,7 @@ pf_check_out(void *arg, struct mbuf **m, HTONS(h->ip_off); } CURVNET_SET(ifp->if_vnet); - chk = pf_test(PF_OUT, ifp, m, NULL, inp); + chk = pf_test(PF_OUT, ifp, m, inp); CURVNET_RESTORE(); if (chk && *m) { m_freem(*m); @@ -3613,8 +3613,7 @@ pf_check6_in(void *arg, struct mbuf **m, * filtering we have change this to lo0 as it is the case in IPv4. */ CURVNET_SET(ifp->if_vnet); - chk = pf_test6(PF_IN, (*m)->m_flags & M_LOOP ? V_loif : ifp, m, - NULL, inp); + chk = pf_test6(PF_IN, (*m)->m_flags & M_LOOP ? V_loif : ifp, m, inp); CURVNET_RESTORE(); if (chk && *m) { m_freem(*m); @@ -3641,7 +3640,7 @@ pf_check6_out(void *arg, struct mbuf **m (*m)->m_pkthdr.csum_flags &= ~CSUM_DELAY_DATA; } CURVNET_SET(ifp->if_vnet); - chk = pf_test6(PF_OUT, ifp, m, NULL, inp); + chk = pf_test6(PF_OUT, ifp, m, inp); CURVNET_RESTORE(); if (chk && *m) { m_freem(*m); Modified: projects/pf/head/sys/contrib/pf/net/pfvar.h ============================================================================== --- projects/pf/head/sys/contrib/pf/net/pfvar.h Thu Apr 12 11:27:09 2012 (r234174) +++ projects/pf/head/sys/contrib/pf/net/pfvar.h Thu Apr 12 12:15:15 2012 (r234175) @@ -1201,8 +1201,6 @@ struct pf_pdesc { } hdr; struct pf_rule *nat_rule; /* nat/rdr rule applied to packet */ - struct ether_header - *eh; struct pf_addr *src; /* src address */ struct pf_addr *dst; /* dst address */ u_int16_t *sport; @@ -1819,13 +1817,11 @@ extern void pf_addrcpy(struct pf_addr void pf_rm_rule(struct pf_rulequeue *, struct pf_rule *); #ifdef INET -int pf_test(int, struct ifnet *, struct mbuf **, struct ether_header *, - struct inpcb *); +int pf_test(int, struct ifnet *, struct mbuf **, struct inpcb *); #endif /* INET */ #ifdef INET6 -int pf_test6(int, struct ifnet *, struct mbuf **, struct ether_header *, - struct inpcb *); +int pf_test6(int, struct ifnet *, struct mbuf **, struct inpcb *); void pf_poolmask(struct pf_addr *, struct pf_addr*, struct pf_addr *, struct pf_addr *, u_int8_t); void pf_addr_inc(struct pf_addr *, sa_family_t);
Want to link to this message? Use this URL: <https://mail-archive.FreeBSD.org/cgi/mid.cgi?201204121215.q3CCFFJp027825>