summaryrefslogtreecommitdiffstats
path: root/sys/netinet6
diff options
context:
space:
mode:
authormlaier <mlaier@FreeBSD.org>2004-03-02 20:29:55 +0000
committermlaier <mlaier@FreeBSD.org>2004-03-02 20:29:55 +0000
commitd3ede346f9d3bdcbd733922d7a0d69135096756a (patch)
tree6678c8eb0c1ba79fa555d3a6b2648ee5d1bdf3a8 /sys/netinet6
parent4c53114daae7f9b2c90a24b173708a621907e05d (diff)
downloadFreeBSD-src-d3ede346f9d3bdcbd733922d7a0d69135096756a.zip
FreeBSD-src-d3ede346f9d3bdcbd733922d7a0d69135096756a.tar.gz
Move PFIL_HOOKS and ipfw past the scope checks to allow easy redirection to
linklocal. Obtained from: OpenBSD Reviewed by: ume Approved by: bms(mentor)
Diffstat (limited to 'sys/netinet6')
-rw-r--r--sys/netinet6/ip6_input.c64
1 files changed, 32 insertions, 32 deletions
diff --git a/sys/netinet6/ip6_input.c b/sys/netinet6/ip6_input.c
index 27af922..412d6a3 100644
--- a/sys/netinet6/ip6_input.c
+++ b/sys/netinet6/ip6_input.c
@@ -343,41 +343,9 @@ ip6_input(m)
goto bad;
}
-#ifdef PFIL_HOOKS
- /*
- * Run through list of hooks for input packets.
- *
- * NB: Beware of the destination address changing
- * (e.g. by NAT rewriting). When this happens,
- * tell ip6_forward to do the right thing.
- */
- odst = ip6->ip6_dst;
- if (pfil_run_hooks(&inet6_pfil_hook, &m, m->m_pkthdr.rcvif, PFIL_IN))
- return;
- if (m == NULL) /* consumed by filter */
- return;
- ip6 = mtod(m, struct ip6_hdr *);
- srcrt = !IN6_ARE_ADDR_EQUAL(&odst, &ip6->ip6_dst);
-#endif /* PFIL_HOOKS */
-
ip6stat.ip6s_nxthist[ip6->ip6_nxt]++;
/*
- * Check with the firewall...
- */
- if (ip6_fw_enable && ip6_fw_chk_ptr) {
- u_short port = 0;
- /* If ipfw says divert, we have to just drop packet */
- /* use port as a dummy argument */
- if ((*ip6_fw_chk_ptr)(&ip6, NULL, &port, &m)) {
- m_freem(m);
- m = NULL;
- }
- if (!m)
- return;
- }
-
- /*
* Check against address spoofing/corruption.
*/
if (IN6_IS_ADDR_MULTICAST(&ip6->ip6_src) ||
@@ -456,6 +424,38 @@ ip6_input(m)
}
}
+#ifdef PFIL_HOOKS
+ /*
+ * Run through list of hooks for input packets.
+ *
+ * NB: Beware of the destination address changing
+ * (e.g. by NAT rewriting). When this happens,
+ * tell ip6_forward to do the right thing.
+ */
+ odst = ip6->ip6_dst;
+ if (pfil_run_hooks(&inet6_pfil_hook, &m, m->m_pkthdr.rcvif, PFIL_IN))
+ return;
+ if (m == NULL) /* consumed by filter */
+ return;
+ ip6 = mtod(m, struct ip6_hdr *);
+ srcrt = !IN6_ARE_ADDR_EQUAL(&odst, &ip6->ip6_dst);
+#endif /* PFIL_HOOKS */
+
+ /*
+ * Check with the firewall...
+ */
+ if (ip6_fw_enable && ip6_fw_chk_ptr) {
+ u_short port = 0;
+ /* If ipfw says divert, we have to just drop packet */
+ /* use port as a dummy argument */
+ if ((*ip6_fw_chk_ptr)(&ip6, NULL, &port, &m)) {
+ m_freem(m);
+ m = NULL;
+ }
+ if (!m)
+ return;
+ }
+
/*
* construct source and destination address structures with
* disambiguating their scope zones (if there is ambiguity).
OpenPOWER on IntegriCloud