diff options
author | mlaier <mlaier@FreeBSD.org> | 2004-03-02 20:29:55 +0000 |
---|---|---|
committer | mlaier <mlaier@FreeBSD.org> | 2004-03-02 20:29:55 +0000 |
commit | d3ede346f9d3bdcbd733922d7a0d69135096756a (patch) | |
tree | 6678c8eb0c1ba79fa555d3a6b2648ee5d1bdf3a8 | |
parent | 4c53114daae7f9b2c90a24b173708a621907e05d (diff) | |
download | FreeBSD-src-d3ede346f9d3bdcbd733922d7a0d69135096756a.zip FreeBSD-src-d3ede346f9d3bdcbd733922d7a0d69135096756a.tar.gz |
Move PFIL_HOOKS and ipfw past the scope checks to allow easy redirection to
linklocal.
Obtained from: OpenBSD
Reviewed by: ume
Approved by: bms(mentor)
-rw-r--r-- | sys/netinet6/ip6_input.c | 64 |
1 files changed, 32 insertions, 32 deletions
diff --git a/sys/netinet6/ip6_input.c b/sys/netinet6/ip6_input.c index 27af922..412d6a3 100644 --- a/sys/netinet6/ip6_input.c +++ b/sys/netinet6/ip6_input.c @@ -343,41 +343,9 @@ ip6_input(m) goto bad; } -#ifdef PFIL_HOOKS - /* - * Run through list of hooks for input packets. - * - * NB: Beware of the destination address changing - * (e.g. by NAT rewriting). When this happens, - * tell ip6_forward to do the right thing. - */ - odst = ip6->ip6_dst; - if (pfil_run_hooks(&inet6_pfil_hook, &m, m->m_pkthdr.rcvif, PFIL_IN)) - return; - if (m == NULL) /* consumed by filter */ - return; - ip6 = mtod(m, struct ip6_hdr *); - srcrt = !IN6_ARE_ADDR_EQUAL(&odst, &ip6->ip6_dst); -#endif /* PFIL_HOOKS */ - ip6stat.ip6s_nxthist[ip6->ip6_nxt]++; /* - * Check with the firewall... - */ - if (ip6_fw_enable && ip6_fw_chk_ptr) { - u_short port = 0; - /* If ipfw says divert, we have to just drop packet */ - /* use port as a dummy argument */ - if ((*ip6_fw_chk_ptr)(&ip6, NULL, &port, &m)) { - m_freem(m); - m = NULL; - } - if (!m) - return; - } - - /* * Check against address spoofing/corruption. */ if (IN6_IS_ADDR_MULTICAST(&ip6->ip6_src) || @@ -456,6 +424,38 @@ ip6_input(m) } } +#ifdef PFIL_HOOKS + /* + * Run through list of hooks for input packets. + * + * NB: Beware of the destination address changing + * (e.g. by NAT rewriting). When this happens, + * tell ip6_forward to do the right thing. + */ + odst = ip6->ip6_dst; + if (pfil_run_hooks(&inet6_pfil_hook, &m, m->m_pkthdr.rcvif, PFIL_IN)) + return; + if (m == NULL) /* consumed by filter */ + return; + ip6 = mtod(m, struct ip6_hdr *); + srcrt = !IN6_ARE_ADDR_EQUAL(&odst, &ip6->ip6_dst); +#endif /* PFIL_HOOKS */ + + /* + * Check with the firewall... + */ + if (ip6_fw_enable && ip6_fw_chk_ptr) { + u_short port = 0; + /* If ipfw says divert, we have to just drop packet */ + /* use port as a dummy argument */ + if ((*ip6_fw_chk_ptr)(&ip6, NULL, &port, &m)) { + m_freem(m); + m = NULL; + } + if (!m) + return; + } + /* * construct source and destination address structures with * disambiguating their scope zones (if there is ambiguity). |