| if_pfsync.c (268492) | if_pfsync.c (269699) |
|---|---|
| 1/*- 2 * Copyright (c) 2002 Michael Shalayeff 3 * Copyright (c) 2012 Gleb Smirnoff <glebius@FreeBSD.org> 4 * All rights reserved. 5 * 6 * Redistribution and use in source and binary forms, with or without 7 * modification, are permitted provided that the following conditions 8 * are met: --- 44 unchanged lines hidden (view full) --- 53 * 1.128 - cleanups 54 * 1.146 - bzero() mbuf before sparsely filling it with data 55 * 1.170 - SIOCSIFMTU checks 56 * 1.126, 1.142 - deferred packets processing 57 * 1.173 - correct expire time processing 58 */ 59 60#include <sys/cdefs.h> | 1/*- 2 * Copyright (c) 2002 Michael Shalayeff 3 * Copyright (c) 2012 Gleb Smirnoff <glebius@FreeBSD.org> 4 * All rights reserved. 5 * 6 * Redistribution and use in source and binary forms, with or without 7 * modification, are permitted provided that the following conditions 8 * are met: --- 44 unchanged lines hidden (view full) --- 53 * 1.128 - cleanups 54 * 1.146 - bzero() mbuf before sparsely filling it with data 55 * 1.170 - SIOCSIFMTU checks 56 * 1.126, 1.142 - deferred packets processing 57 * 1.173 - correct expire time processing 58 */ 59 60#include <sys/cdefs.h> |
| 61__FBSDID("$FreeBSD: head/sys/netpfil/pf/if_pfsync.c 268492 2014-07-10 12:41:58Z glebius $"); | 61__FBSDID("$FreeBSD: head/sys/netpfil/pf/if_pfsync.c 269699 2014-08-08 01:57:15Z kevlo $"); |
| 62 63#include "opt_inet.h" 64#include "opt_inet6.h" 65#include "opt_pf.h" 66 67#include <sys/param.h> 68#include <sys/bus.h> 69#include <sys/endian.h> --- 495 unchanged lines hidden (view full) --- 565 uma_zfree(V_pf_state_scrub_z, st->dst.scrub); 566 if (st->src.scrub) 567 uma_zfree(V_pf_state_scrub_z, st->src.scrub); 568 uma_zfree(V_pf_state_z, st); 569 } 570 return (error); 571} 572 | 62 63#include "opt_inet.h" 64#include "opt_inet6.h" 65#include "opt_pf.h" 66 67#include <sys/param.h> 68#include <sys/bus.h> 69#include <sys/endian.h> --- 495 unchanged lines hidden (view full) --- 565 uma_zfree(V_pf_state_scrub_z, st->dst.scrub); 566 if (st->src.scrub) 567 uma_zfree(V_pf_state_scrub_z, st->src.scrub); 568 uma_zfree(V_pf_state_z, st); 569 } 570 return (error); 571} 572 |
| 573static void 574pfsync_input(struct mbuf *m, __unused int off) | 573static int 574pfsync_input(struct mbuf **mp, int *offp __unused, int proto __unused) |
| 575{ 576 struct pfsync_softc *sc = V_pfsyncif; 577 struct pfsync_pkt pkt; | 575{ 576 struct pfsync_softc *sc = V_pfsyncif; 577 struct pfsync_pkt pkt; |
| 578 struct mbuf *m = *mp; |
|
| 578 struct ip *ip = mtod(m, struct ip *); 579 struct pfsync_header *ph; 580 struct pfsync_subheader subh; 581 582 int offset, len; 583 int rv; 584 uint16_t count; 585 | 579 struct ip *ip = mtod(m, struct ip *); 580 struct pfsync_header *ph; 581 struct pfsync_subheader subh; 582 583 int offset, len; 584 int rv; 585 uint16_t count; 586 |
| 587 *mp = NULL; |
|
| 586 V_pfsyncstats.pfsyncs_ipackets++; 587 588 /* Verify that we have a sync interface configured. */ 589 if (!sc || !sc->sc_sync_if || !V_pf_status.running || 590 (sc->sc_ifp->if_drv_flags & IFF_DRV_RUNNING) == 0) 591 goto done; 592 593 /* verify that the packet came in on the right interface */ --- 14 unchanged lines hidden (view full) --- 608 if (m->m_pkthdr.len < offset + sizeof(*ph)) { 609 V_pfsyncstats.pfsyncs_hdrops++; 610 goto done; 611 } 612 613 if (offset + sizeof(*ph) > m->m_len) { 614 if (m_pullup(m, offset + sizeof(*ph)) == NULL) { 615 V_pfsyncstats.pfsyncs_hdrops++; | 588 V_pfsyncstats.pfsyncs_ipackets++; 589 590 /* Verify that we have a sync interface configured. */ 591 if (!sc || !sc->sc_sync_if || !V_pf_status.running || 592 (sc->sc_ifp->if_drv_flags & IFF_DRV_RUNNING) == 0) 593 goto done; 594 595 /* verify that the packet came in on the right interface */ --- 14 unchanged lines hidden (view full) --- 610 if (m->m_pkthdr.len < offset + sizeof(*ph)) { 611 V_pfsyncstats.pfsyncs_hdrops++; 612 goto done; 613 } 614 615 if (offset + sizeof(*ph) > m->m_len) { 616 if (m_pullup(m, offset + sizeof(*ph)) == NULL) { 617 V_pfsyncstats.pfsyncs_hdrops++; |
| 616 return; | 618 return (IPPROTO_DONE); |
| 617 } 618 ip = mtod(m, struct ip *); 619 } 620 ph = (struct pfsync_header *)((char *)ip + offset); 621 622 /* verify the version */ 623 if (ph->version != PFSYNC_VERSION) { 624 V_pfsyncstats.pfsyncs_badver++; --- 30 unchanged lines hidden (view full) --- 655 goto done; 656 } 657 658 count = ntohs(subh.count); 659 V_pfsyncstats.pfsyncs_iacts[subh.action] += count; 660 rv = (*pfsync_acts[subh.action])(&pkt, m, offset, count); 661 if (rv == -1) { 662 PF_RULES_RUNLOCK(); | 619 } 620 ip = mtod(m, struct ip *); 621 } 622 ph = (struct pfsync_header *)((char *)ip + offset); 623 624 /* verify the version */ 625 if (ph->version != PFSYNC_VERSION) { 626 V_pfsyncstats.pfsyncs_badver++; --- 30 unchanged lines hidden (view full) --- 657 goto done; 658 } 659 660 count = ntohs(subh.count); 661 V_pfsyncstats.pfsyncs_iacts[subh.action] += count; 662 rv = (*pfsync_acts[subh.action])(&pkt, m, offset, count); 663 if (rv == -1) { 664 PF_RULES_RUNLOCK(); |
| 663 return; | 665 return (IPPROTO_DONE); |
| 664 } 665 666 offset += rv; 667 } 668 PF_RULES_RUNLOCK(); 669 670done: 671 m_freem(m); | 666 } 667 668 offset += rv; 669 } 670 PF_RULES_RUNLOCK(); 671 672done: 673 m_freem(m); |
| 674 return (IPPROTO_DONE); |
|
| 672} 673 674static int 675pfsync_in_clr(struct pfsync_pkt *pkt, struct mbuf *m, int offset, int count) 676{ 677 struct pfsync_clr *clr; 678 struct mbuf *mp; 679 int len = sizeof(*clr) * count; --- 1739 unchanged lines hidden --- | 675} 676 677static int 678pfsync_in_clr(struct pfsync_pkt *pkt, struct mbuf *m, int offset, int count) 679{ 680 struct pfsync_clr *clr; 681 struct mbuf *mp; 682 int len = sizeof(*clr) * count; --- 1739 unchanged lines hidden --- |