diff options
author | glebius <glebius@FreeBSD.org> | 2012-10-06 10:02:11 +0000 |
---|---|---|
committer | glebius <glebius@FreeBSD.org> | 2012-10-06 10:02:11 +0000 |
commit | f3a0231bff618f3752bf9f6827708edc3063f57d (patch) | |
tree | 889546ddb486b4afbf10cf3344d3d84a4620dcb4 /sys/netpfil/pf/pf_ioctl.c | |
parent | 30f3c300d8d28e84a49c574e8bd0db454de92910 (diff) | |
download | FreeBSD-src-f3a0231bff618f3752bf9f6827708edc3063f57d.zip FreeBSD-src-f3a0231bff618f3752bf9f6827708edc3063f57d.tar.gz |
A step in resolving mess with byte ordering for AF_INET. After this change:
- All packets in NETISR_IP queue are in net byte order.
- ip_input() is entered in net byte order and converts packet
to host byte order right _after_ processing pfil(9) hooks.
- ip_output() is entered in host byte order and converts packet
to net byte order right _before_ processing pfil(9) hooks.
- ip_fragment() accepts and emits packet in net byte order.
- ip_forward(), ip_mloopback() use host byte order (untouched actually).
- ip_fastforward() no longer modifies packet at all (except ip_ttl).
- Swapping of byte order there and back removed from the following modules:
pf(4), ipfw(4), enc(4), if_bridge(4).
- Swapping of byte order added to ipfilter(4), based on __FreeBSD_version
- __FreeBSD_version bumped.
- pfil(9) manual page updated.
Reviewed by: ray, luigi, eri, melifaro
Tested by: glebius (LE), ray (BE)
Diffstat (limited to 'sys/netpfil/pf/pf_ioctl.c')
-rw-r--r-- | sys/netpfil/pf/pf_ioctl.c | 56 |
1 files changed, 5 insertions, 51 deletions
diff --git a/sys/netpfil/pf/pf_ioctl.c b/sys/netpfil/pf/pf_ioctl.c index 4047df5..3037725 100644 --- a/sys/netpfil/pf/pf_ioctl.c +++ b/sys/netpfil/pf/pf_ioctl.c @@ -3473,23 +3473,8 @@ static int pf_check_in(void *arg, struct mbuf **m, struct ifnet *ifp, int dir, struct inpcb *inp) { - /* - * XXX Wed Jul 9 22:03:16 2003 UTC - * OpenBSD has changed its byte ordering convention on ip_len/ip_off - * in network stack. OpenBSD's network stack have converted - * ip_len/ip_off to host byte order frist as FreeBSD. - * Now this is not true anymore , so we should convert back to network - * byte order. - */ - struct ip *h = NULL; int chk; - if ((*m)->m_pkthdr.len >= (int)sizeof(struct ip)) { - /* if m_pkthdr.len is less than ip header, pf will handle. */ - h = mtod(*m, struct ip *); - HTONS(h->ip_len); - HTONS(h->ip_off); - } CURVNET_SET(ifp->if_vnet); chk = pf_test(PF_IN, ifp, m, inp); CURVNET_RESTORE(); @@ -3497,28 +3482,14 @@ pf_check_in(void *arg, struct mbuf **m, struct ifnet *ifp, int dir, m_freem(*m); *m = NULL; } - if (*m != NULL) { - /* pf_test can change ip header location */ - h = mtod(*m, struct ip *); - NTOHS(h->ip_len); - NTOHS(h->ip_off); - } - return chk; + + return (chk); } static int pf_check_out(void *arg, struct mbuf **m, struct ifnet *ifp, int dir, struct inpcb *inp) { - /* - * XXX Wed Jul 9 22:03:16 2003 UTC - * OpenBSD has changed its byte ordering convention on ip_len/ip_off - * in network stack. OpenBSD's network stack have converted - * ip_len/ip_off to host byte order frist as FreeBSD. - * Now this is not true anymore , so we should convert back to network - * byte order. - */ - struct ip *h = NULL; int chk; /* We need a proper CSUM befor we start (s. OpenBSD ip_output) */ @@ -3526,12 +3497,7 @@ pf_check_out(void *arg, struct mbuf **m, struct ifnet *ifp, int dir, in_delayed_cksum(*m); (*m)->m_pkthdr.csum_flags &= ~CSUM_DELAY_DATA; } - if ((*m)->m_pkthdr.len >= (int)sizeof(*h)) { - /* if m_pkthdr.len is less than ip header, pf will handle. */ - h = mtod(*m, struct ip *); - HTONS(h->ip_len); - HTONS(h->ip_off); - } + CURVNET_SET(ifp->if_vnet); chk = pf_test(PF_OUT, ifp, m, inp); CURVNET_RESTORE(); @@ -3539,13 +3505,8 @@ pf_check_out(void *arg, struct mbuf **m, struct ifnet *ifp, int dir, m_freem(*m); *m = NULL; } - if (*m != NULL) { - /* pf_test can change ip header location */ - h = mtod(*m, struct ip *); - NTOHS(h->ip_len); - NTOHS(h->ip_off); - } - return chk; + + return (chk); } #endif @@ -3554,10 +3515,6 @@ static int pf_check6_in(void *arg, struct mbuf **m, struct ifnet *ifp, int dir, struct inpcb *inp) { - - /* - * IPv6 is not affected by ip_len/ip_off byte order changes. - */ int chk; /* @@ -3579,9 +3536,6 @@ static int pf_check6_out(void *arg, struct mbuf **m, struct ifnet *ifp, int dir, struct inpcb *inp) { - /* - * IPv6 does not affected ip_len/ip_off byte order changes. - */ int chk; /* We need a proper CSUM before we start (s. OpenBSD ip_output) */ |