summaryrefslogtreecommitdiffstats
path: root/sys/netinet/tcp_input.c
diff options
context:
space:
mode:
Diffstat (limited to 'sys/netinet/tcp_input.c')
-rw-r--r--sys/netinet/tcp_input.c26
1 files changed, 19 insertions, 7 deletions
diff --git a/sys/netinet/tcp_input.c b/sys/netinet/tcp_input.c
index 902044b..3b70e99 100644
--- a/sys/netinet/tcp_input.c
+++ b/sys/netinet/tcp_input.c
@@ -429,7 +429,9 @@ tcp_input(m, off0)
struct tcpopt to; /* options in this segment */
struct rmxp_tao tao; /* our TAO cache entry */
int headlocked = 0;
- struct sockaddr_in *next_hop = NULL;
+#ifdef IPFIREWALL_FORWARD
+ struct m_tag *fwd_tag;
+#endif
int rstreason; /* For badport_bandlim accounting purposes */
struct ip6_hdr *ip6 = NULL;
@@ -449,8 +451,6 @@ tcp_input(m, off0)
short ostate = 0;
#endif
- /* Grab info from PACKET_TAG_IPFORWARD tag prepended to the chain. */
- next_hop = m_claim_next(m, PACKET_TAG_IPFORWARD);
#ifdef INET6
isipv6 = (mtod(m, struct ip *)->ip_v == 6) ? 1 : 0;
#endif
@@ -611,17 +611,24 @@ tcp_input(m, off0)
INP_INFO_WLOCK(&tcbinfo);
headlocked = 1;
findpcb:
- /* IPFIREWALL_FORWARD section */
- if (next_hop != NULL && isipv6 == 0) { /* IPv6 support is not yet */
+#ifdef IPFIREWALL_FORWARD
+ /* Grab info from PACKET_TAG_IPFORWARD tag prepended to the chain. */
+ fwd_tag = m_tag_find(m, PACKET_TAG_IPFORWARD, NULL);
+
+ if (fwd_tag != NULL && isipv6 == 0) { /* IPv6 support is not yet */
+ struct sockaddr_in *next_hop;
+
+ next_hop = (struct sockaddr_in *)(fwd_tag+1);
/*
* Transparently forwarded. Pretend to be the destination.
* already got one like this?
*/
- inp = in_pcblookup_hash(&tcbinfo, ip->ip_src, th->th_sport,
+ inp = in_pcblookup_hash(&tcbinfo,
+ ip->ip_src, th->th_sport,
ip->ip_dst, th->th_dport,
0, m->m_pkthdr.rcvif);
if (!inp) {
- /* It's new. Try find the ambushing socket. */
+ /* It's new. Try to find the ambushing socket. */
inp = in_pcblookup_hash(&tcbinfo,
ip->ip_src, th->th_sport,
next_hop->sin_addr,
@@ -630,7 +637,10 @@ findpcb:
th->th_dport,
1, m->m_pkthdr.rcvif);
}
+ /* Remove the tag from the packet. We don't need it anymore. */
+ m_tag_delete(m, fwd_tag);
} else {
+#endif /* IPFIREWALL_FORWARD */
if (isipv6) {
#ifdef INET6
inp = in6_pcblookup_hash(&tcbinfo,
@@ -643,7 +653,9 @@ findpcb:
ip->ip_src, th->th_sport,
ip->ip_dst, th->th_dport,
1, m->m_pkthdr.rcvif);
+#ifdef IPFIREWALL_FORWARD
}
+#endif /* IPFIREWALL_FORWARD */
#if defined(IPSEC) || defined(FAST_IPSEC)
#ifdef INET6
OpenPOWER on IntegriCloud