pf.c (196019) | pf.c (196039) |
---|---|
1/* $OpenBSD: pf.c,v 1.527 2007/02/22 15:23:23 pyr Exp $ */ 2/* add: $OpenBSD: pf.c,v 1.559 2007/09/18 18:45:59 markus Exp $ */ 3 4/* 5 * Copyright (c) 2001 Daniel Hartmeier 6 * Copyright (c) 2002,2003 Henning Brauer 7 * All rights reserved. 8 * --- 27 unchanged lines hidden (view full) --- 36 * 37 */ 38 39#ifdef __FreeBSD__ 40#include "opt_inet.h" 41#include "opt_inet6.h" 42 43#include <sys/cdefs.h> | 1/* $OpenBSD: pf.c,v 1.527 2007/02/22 15:23:23 pyr Exp $ */ 2/* add: $OpenBSD: pf.c,v 1.559 2007/09/18 18:45:59 markus Exp $ */ 3 4/* 5 * Copyright (c) 2001 Daniel Hartmeier 6 * Copyright (c) 2002,2003 Henning Brauer 7 * All rights reserved. 8 * --- 27 unchanged lines hidden (view full) --- 36 * 37 */ 38 39#ifdef __FreeBSD__ 40#include "opt_inet.h" 41#include "opt_inet6.h" 42 43#include <sys/cdefs.h> |
44__FBSDID("$FreeBSD: head/sys/contrib/pf/net/pf.c 196019 2009-08-01 19:26:27Z rwatson $"); | 44__FBSDID("$FreeBSD: head/sys/contrib/pf/net/pf.c 196039 2009-08-02 19:43:32Z rwatson $"); |
45#endif 46 47#ifdef __FreeBSD__ 48#include "opt_bpf.h" 49#include "opt_pf.h" 50 51#ifdef DEV_BPF 52#define NBPFILTER DEV_BPF --- 6083 unchanged lines hidden (view full) --- 6136 dst = satosin(&ro->ro_dst); 6137 dst->sin_family = AF_INET; 6138 dst->sin_len = sizeof(*dst); 6139 dst->sin_addr = ip->ip_dst; 6140 6141 if (r->rt == PF_FASTROUTE) { 6142 in_rtalloc(ro, 0); 6143 if (ro->ro_rt == 0) { | 45#endif 46 47#ifdef __FreeBSD__ 48#include "opt_bpf.h" 49#include "opt_pf.h" 50 51#ifdef DEV_BPF 52#define NBPFILTER DEV_BPF --- 6083 unchanged lines hidden (view full) --- 6136 dst = satosin(&ro->ro_dst); 6137 dst->sin_family = AF_INET; 6138 dst->sin_len = sizeof(*dst); 6139 dst->sin_addr = ip->ip_dst; 6140 6141 if (r->rt == PF_FASTROUTE) { 6142 in_rtalloc(ro, 0); 6143 if (ro->ro_rt == 0) { |
6144 IPSTAT_INC(ips_noroute); | 6144 KMOD_IPSTAT_INC(ips_noroute); |
6145 goto bad; 6146 } 6147 6148 ifp = ro->ro_rt->rt_ifp; 6149 ro->ro_rt->rt_use++; 6150 6151 if (ro->ro_rt->rt_flags & RTF_GATEWAY) 6152 dst = satosin(ro->ro_rt->rt_gateway); --- 114 unchanged lines hidden (view full) --- 6267 m0->m_pkthdr.csum_flags &= ~M_UDPV4_CSUM_OUT; /* Clear */ 6268 } 6269 } 6270 6271 if (ntohs(ip->ip_len) <= ifp->if_mtu) { 6272 if ((ifp->if_capabilities & IFCAP_CSUM_IPv4) && 6273 ifp->if_bridge == NULL) { 6274 m0->m_pkthdr.csum_flags |= M_IPV4_CSUM_OUT; | 6145 goto bad; 6146 } 6147 6148 ifp = ro->ro_rt->rt_ifp; 6149 ro->ro_rt->rt_use++; 6150 6151 if (ro->ro_rt->rt_flags & RTF_GATEWAY) 6152 dst = satosin(ro->ro_rt->rt_gateway); --- 114 unchanged lines hidden (view full) --- 6267 m0->m_pkthdr.csum_flags &= ~M_UDPV4_CSUM_OUT; /* Clear */ 6268 } 6269 } 6270 6271 if (ntohs(ip->ip_len) <= ifp->if_mtu) { 6272 if ((ifp->if_capabilities & IFCAP_CSUM_IPv4) && 6273 ifp->if_bridge == NULL) { 6274 m0->m_pkthdr.csum_flags |= M_IPV4_CSUM_OUT; |
6275 IPSTAT_INC(ips_outhwcsum); | 6275 KMOD_IPSTAT_INC(ips_outhwcsum); |
6276 } else { 6277 ip->ip_sum = 0; 6278 ip->ip_sum = in_cksum(m0, ip->ip_hl << 2); 6279 } 6280 /* Update relevant hardware checksum stats for TCP/UDP */ 6281 if (m0->m_pkthdr.csum_flags & M_TCPV4_CSUM_OUT) | 6276 } else { 6277 ip->ip_sum = 0; 6278 ip->ip_sum = in_cksum(m0, ip->ip_hl << 2); 6279 } 6280 /* Update relevant hardware checksum stats for TCP/UDP */ 6281 if (m0->m_pkthdr.csum_flags & M_TCPV4_CSUM_OUT) |
6282 TCPSTAT_INC(tcpstat.tcps_outhwcsum); | 6282 KMOD_TCPSTAT_INC(tcps_outhwcsum); |
6283 else if (m0->m_pkthdr.csum_flags & M_UDPV4_CSUM_OUT) | 6283 else if (m0->m_pkthdr.csum_flags & M_UDPV4_CSUM_OUT) |
6284 UDPSTAT_INC(udps_outhwcsum); | 6284 KMOD_UDPSTAT_INC(udps_outhwcsum); |
6285 error = (*ifp->if_output)(ifp, m0, sintosa(dst), NULL); 6286 goto done; 6287 } 6288#endif 6289 /* 6290 * Too large for interface; fragment if possible. 6291 * Must be able to put at least 8 bytes per fragment. 6292 */ 6293 if (ip->ip_off & htons(IP_DF)) { | 6285 error = (*ifp->if_output)(ifp, m0, sintosa(dst), NULL); 6286 goto done; 6287 } 6288#endif 6289 /* 6290 * Too large for interface; fragment if possible. 6291 * Must be able to put at least 8 bytes per fragment. 6292 */ 6293 if (ip->ip_off & htons(IP_DF)) { |
6294 IPSTAT_INC(ips_cantfrag); | 6294 KMOD_IPSTAT_INC(ips_cantfrag); |
6295 if (r->rt != PF_DUPTO) { 6296#ifdef __FreeBSD__ 6297 /* icmp_error() expects host byte ordering */ 6298 NTOHS(ip->ip_len); 6299 NTOHS(ip->ip_off); 6300 PF_UNLOCK(); 6301 icmp_error(m0, ICMP_UNREACH, ICMP_UNREACH_NEEDFRAG, 0, 6302 ifp->if_mtu); --- 40 unchanged lines hidden (view full) --- 6343 error = (*ifp->if_output)(ifp, m0, sintosa(dst), 6344 NULL); 6345 else 6346#endif 6347 m_freem(m0); 6348 } 6349 6350 if (error == 0) | 6295 if (r->rt != PF_DUPTO) { 6296#ifdef __FreeBSD__ 6297 /* icmp_error() expects host byte ordering */ 6298 NTOHS(ip->ip_len); 6299 NTOHS(ip->ip_off); 6300 PF_UNLOCK(); 6301 icmp_error(m0, ICMP_UNREACH, ICMP_UNREACH_NEEDFRAG, 0, 6302 ifp->if_mtu); --- 40 unchanged lines hidden (view full) --- 6343 error = (*ifp->if_output)(ifp, m0, sintosa(dst), 6344 NULL); 6345 else 6346#endif 6347 m_freem(m0); 6348 } 6349 6350 if (error == 0) |
6351 IPSTAT_INC(ips_fragmented); | 6351 KMOD_IPSTAT_INC(ips_fragmented); |
6352 6353done: 6354 if (r->rt != PF_DUPTO) 6355 *m = NULL; 6356 if (ro == &iproute && ro->ro_rt) 6357 RTFREE(ro->ro_rt); 6358 return; 6359 --- 257 unchanged lines hidden (view full) --- 6617 default: 6618 return (1); 6619 } 6620 } 6621 if (sum) { 6622 switch (p) { 6623 case IPPROTO_TCP: 6624 { | 6352 6353done: 6354 if (r->rt != PF_DUPTO) 6355 *m = NULL; 6356 if (ro == &iproute && ro->ro_rt) 6357 RTFREE(ro->ro_rt); 6358 return; 6359 --- 257 unchanged lines hidden (view full) --- 6617 default: 6618 return (1); 6619 } 6620 } 6621 if (sum) { 6622 switch (p) { 6623 case IPPROTO_TCP: 6624 { |
6625 TCPSTAT_INC(tcps_rcvbadsum); | 6625 KMOD_TCPSTAT_INC(tcps_rcvbadsum); |
6626 break; 6627 } 6628 case IPPROTO_UDP: 6629 { | 6626 break; 6627 } 6628 case IPPROTO_UDP: 6629 { |
6630 UDPSTAT_INC(udps_badsum); | 6630 KMOD_UDPSTAT_INC(udps_badsum); |
6631 break; 6632 } 6633 case IPPROTO_ICMP: 6634 { | 6631 break; 6632 } 6633 case IPPROTO_ICMP: 6634 { |
6635 ICMPSTAT_INC(icps_checksum); | 6635 KMOD_ICMPSTAT_INC(icps_checksum); |
6636 break; 6637 } 6638#ifdef INET6 6639 case IPPROTO_ICMPV6: 6640 { | 6636 break; 6637 } 6638#ifdef INET6 6639 case IPPROTO_ICMPV6: 6640 { |
6641 ICMP6STAT_INC(icp6s_checksum); | 6641 KMOD_ICMP6STAT_INC(icp6s_checksum); |
6642 break; 6643 } 6644#endif /* INET6 */ 6645 } 6646 return (1); 6647 } else { 6648 if (p == IPPROTO_TCP || p == IPPROTO_UDP) { 6649 m->m_pkthdr.csum_flags |= --- 70 unchanged lines hidden (view full) --- 6720#endif /* INET6 */ 6721 default: 6722 return (1); 6723 } 6724 if (sum) { 6725 m->m_pkthdr.csum_flags |= flag_bad; 6726 switch (p) { 6727 case IPPROTO_TCP: | 6642 break; 6643 } 6644#endif /* INET6 */ 6645 } 6646 return (1); 6647 } else { 6648 if (p == IPPROTO_TCP || p == IPPROTO_UDP) { 6649 m->m_pkthdr.csum_flags |= --- 70 unchanged lines hidden (view full) --- 6720#endif /* INET6 */ 6721 default: 6722 return (1); 6723 } 6724 if (sum) { 6725 m->m_pkthdr.csum_flags |= flag_bad; 6726 switch (p) { 6727 case IPPROTO_TCP: |
6728 TCPSTAT_INC(tcps_rcvbadsum); | 6728 KMOD_TCPSTAT_INC(tcps_rcvbadsum); |
6729 break; 6730 case IPPROTO_UDP: | 6729 break; 6730 case IPPROTO_UDP: |
6731 UDPSTAT_INC(udps_badsum); | 6731 KMOD_UDPSTAT_INC(udps_badsum); |
6732 break; 6733 case IPPROTO_ICMP: | 6732 break; 6733 case IPPROTO_ICMP: |
6734 ICMPSTAT_INC(icps_checksum); | 6734 KMOD_ICMPSTAT_INC(icps_checksum); |
6735 break; 6736#ifdef INET6 6737 case IPPROTO_ICMPV6: | 6735 break; 6736#ifdef INET6 6737 case IPPROTO_ICMPV6: |
6738 ICMP6STAT_INC(icp6s_checksum); | 6738 KMOD_ICMP6STAT_INC(icp6s_checksum); |
6739 break; 6740#endif /* INET6 */ 6741 } 6742 return (1); 6743 } 6744 m->m_pkthdr.csum_flags |= flag_ok; 6745 return (0); 6746} --- 863 unchanged lines hidden --- | 6739 break; 6740#endif /* INET6 */ 6741 } 6742 return (1); 6743 } 6744 m->m_pkthdr.csum_flags |= flag_ok; 6745 return (0); 6746} --- 863 unchanged lines hidden --- |