author | kp <kp@FreeBSD.org> | 2016-08-17 09:24:46 +0000 |
---|---|---|
committer | Renato Botelho <renato@netgate.com> | 2016-09-23 12:20:16 -0300 |
commit | 2c5fe01728fe484682ba6d76165408f0c3c69aac (patch) | |
tree | f1887b64994ac0d0c4d756c29589f9cdd7bd06bb | |
parent | c56758fe417b7755f1e237f8a4a9224acf7200e5 (diff) | |
MFC r302497:
pf: Map hook returns onto the correct error values
pf returns PF_PASS, PF_DROP, ... in the netpfil hooks, but the hook callers
expect to get E<foo> error codes.
Map the return values. A pass is 0 (everything is OK), anything else means
pf ate the packet, so return EACCES, which tells the stack not to emit an ICMP
error message.
PR: 207598
(cherry picked from commit 26d31e281678303d3071eb6fbac74b22036f44c5)
-rw-r--r-- | sys/netpfil/pf/pf_ioctl.c | 16 |
1 files changed, 12 insertions, 4 deletions
diff --git a/sys/netpfil/pf/pf_ioctl.c b/sys/netpfil/pf/pf_ioctl.c
index b00952c..2543879 100644
--- a/sys/netpfil/pf/pf_ioctl.c
+++ b/sys/netpfil/pf/pf_ioctl.c
@@ -3626,7 +3626,9 @@ pf_check_in(void *arg, struct mbuf **m, struct ifnet *ifp, int dir,
 *m = NULL;
 }
- return (chk);
+ if (chk != PF_PASS)
+ return (EACCES);
+ return (0);
 }
 static int
@@ -3641,7 +3643,9 @@ pf_check_out(void *arg, struct mbuf **m, struct ifnet *ifp, int dir,
 *m = NULL;
 }
- return (chk);
+ if (chk != PF_PASS)
+ return (EACCES);
+ return (0);
 }
 #endif
@@ -3664,7 +3668,9 @@ pf_check6_in(void *arg, struct mbuf **m, struct ifnet *ifp, int dir,
 m_freem(*m);
 *m = NULL;
 }
- return chk;
+ if (chk != PF_PASS)
+ return (EACCES);
+ return (0);
 }
 static int
@@ -3680,7 +3686,9 @@ pf_check6_out(void *arg, struct mbuf **m, struct ifnet *ifp, int dir,
 m_freem(*m);
 *m = NULL;
 }
- return chk;
+ if (chk != PF_PASS)
+ return (EACCES);
+ return (0);
 }
 #endif /* INET6 */ |
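Review bot: The reason for choosing EACCES is recorded only in the commit message, so the new `if (chk != PF_PASS) return (EACCES);` at the end of pf_check_in reads as an arbitrary errno; the same three lines recur in the pf_check_out, pf_check6_in and pf_check6_out hunks. A short comment above the first mapping, such as `/* pfil callers expect errno values; EACCES marks the packet as consumed by pf without triggering an ICMP error. */`, would keep a later edit from swapping in a different errno and changing what the stack sends back to the sender. Since the mapping is identical in all four hooks, a single static helper would also keep them from drifting apart. Each function body starts outside its hunk, so the condition guarding the m_freem() call is not visible here.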