author | Luiz Otavio O Souza <luiz@netgate.com> | 2016-11-03 02:05:52 -0500 |
---|---|---|
committer | Luiz Souza <luiz@netgate.com> | 2017-07-17 21:43:54 -0500 |
commit | 99d6defc780f171249f761f118ae9f5155d13d4a (patch) | |
tree | 58d21fcb1a760ced8a4859a0ba6323314f0c9443 | |
parent | acc566ae1f356c5a081e9365b70845c34a96ea2b (diff) | |
Set the dnflow fields after parsing the protocol headers.
(cherry picked from commit 4a13836be57e438f8e088ecd478441dc132db3f9)
-rw-r--r-- | sys/netpfil/pf/pf.c | 24 |
1 files changed, 10 insertions, 14 deletions
diff --git a/sys/netpfil/pf/pf.c b/sys/netpfil/pf/pf.c
index 510e529..7adddd7 100644
--- a/sys/netpfil/pf/pf.c
+++ b/sys/netpfil/pf/pf.c
@@ -6316,15 +6316,14 @@ pf_test(int dir, struct ifnet *ifp, struct mbuf **m0, struct inpcb *inp)
 struct tcphdr th;
 pd.hdr.tcp = &th;
- dnflow.f_id._flags = th.th_flags;
- dnflow.f_id.dst_port = ntohs(th.th_dport);
- dnflow.f_id.src_port = ntohs(th.th_sport);
-
 if (!pf_pull_hdr(m, off, &th, sizeof(th), &action, &reason, AF_INET)) {
 log = action != PF_PASS;
 goto done;
 }
+ dnflow.f_id._flags = th.th_flags;
+ dnflow.f_id.dst_port = ntohs(th.th_dport);
+ dnflow.f_id.src_port = ntohs(th.th_sport);
 pd.p_len = pd.tot_len - off - (th.th_off << 2);
 if ((th.th_flags & TH_ACK) && pd.p_len == 0)
 pqid = 1;
@@ -6349,14 +6348,13 @@ pf_test(int dir, struct ifnet *ifp, struct mbuf **m0, struct inpcb *inp)
 struct udphdr uh;
 pd.hdr.udp = &uh;
- dnflow.f_id.dst_port = ntohs(uh.uh_dport);
- dnflow.f_id.src_port = ntohs(uh.uh_sport);
-
 if (!pf_pull_hdr(m, off, &uh, sizeof(uh), &action, &reason, AF_INET)) {
 log = action != PF_PASS;
 goto done;
 }
+ dnflow.f_id.dst_port = ntohs(uh.uh_dport);
+ dnflow.f_id.src_port = ntohs(uh.uh_sport);
 if (uh.uh_dport == 0 || ntohs(uh.uh_ulen) > m->m_pkthdr.len - off || ntohs(uh.uh_ulen) < sizeof(struct udphdr)) {
@@ -6871,15 +6869,14 @@ pf_test6(int dir, struct ifnet *ifp, struct mbuf **m0, struct inpcb *inp)
 struct tcphdr th;
 pd.hdr.tcp = &th;
- dnflow.f_id._flags = th.th_flags;
- dnflow.f_id.dst_port = th.th_dport;
- dnflow.f_id.src_port = th.th_sport;
-
 if (!pf_pull_hdr(m, off, &th, sizeof(th), &action, &reason, AF_INET6)) {
 log = action != PF_PASS;
 goto done;
 }
+ dnflow.f_id._flags = th.th_flags;
+ dnflow.f_id.dst_port = th.th_dport;
+ dnflow.f_id.src_port = th.th_sport;
 pd.p_len = pd.tot_len - off - (th.th_off << 2);
 action = pf_normalize_tcp(dir, kif, m, 0, off, h, &pd);
 if (action == PF_DROP)
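Review bot: The ordering requirement behind the moved assignments in the pf_test() TCP hunk is not documented: `th` is a stack variable that appears to be filled only by `pf_pull_hdr()`, so any read placed above that call picks up stale kernel stack bytes and feeds them into the dummynet flow id. A one-line comment above the assignments, e.g. `/* th is valid only after pf_pull_hdr() succeeds */`, would keep the dnflow setup from drifting back above the call. The same comment applies to `uh` in the UDP hunk of pf_test() and to both pf_test6() hunks. pf_test() starts and ends outside the hunk, so whether `dnflow` is zeroed before the `goto done` path cannot be confirmed from here.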
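Review bot: The pf_test6() TCP hunk stores `th.th_dport` and `th.th_sport` into `dnflow.f_id` without `ntohs()`, whereas the pf_test() hunks above convert both ports to host order, so the same flow-id fields appear to carry a different byte order per address family. If dummynet matches or masks these ports in host order, as the IPv4 path suggests, IPv6 flows would be classified on byte-swapped ports on little-endian machines. The lines should read `dnflow.f_id.dst_port = ntohs(th.th_dport);` and `dnflow.f_id.src_port = ntohs(th.th_sport);`. The pf_test6() UDP hunk at -6902 has the same omission with `uh.uh_dport` and `uh.uh_sport`. pf_test6() continues outside the hunk.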
@@ -6902,14 +6899,13 @@ pf_test6(int dir, struct ifnet *ifp, struct mbuf **m0, struct inpcb *inp)
 struct udphdr uh;
 pd.hdr.udp = &uh;
- dnflow.f_id.dst_port = uh.uh_dport;
- dnflow.f_id.src_port = uh.uh_sport;
-
 if (!pf_pull_hdr(m, off, &uh, sizeof(uh), &action, &reason, AF_INET6)) {
 log = action != PF_PASS;
 goto done;
 }
+ dnflow.f_id.dst_port = uh.uh_dport;
+ dnflow.f_id.src_port = uh.uh_sport;
 if (uh.uh_dport == 0 || ntohs(uh.uh_ulen) > m->m_pkthdr.len - off || ntohs(uh.uh_ulen) < sizeof(struct udphdr)) {
|