Source-Changes-HG archive
[Date Prev][Date Next][Thread Prev][Thread Next][Date Index][Thread Index][Old Index]
[src/trunk]: src/sys/net/npf PR kern/56052:
details: https://anonhg.NetBSD.org/src/rev/1acc58ce0307
branches: trunk
changeset: 373484:1acc58ce0307
user: kardel <kardel%NetBSD.org@localhost>
date: Sun Feb 12 13:38:37 2023 +0000
description:
PR kern/56052:
allow block-return packets passed through without rule matching.
Included up-stream as https://github.com/rmind/npf/pull/115
diffstat:
sys/net/npf/npf.h | 1 +
sys/net/npf/npf_mbuf.c | 19 +++++++++++++++----
sys/net/npf/npf_sendpkt.c | 8 +++++++-
3 files changed, 23 insertions(+), 5 deletions(-)
diffs (91 lines):
diff -r 869209be177c -r 1acc58ce0307 sys/net/npf/npf.h
--- a/sys/net/npf/npf.h Sun Feb 12 13:21:28 2023 +0000
+++ b/sys/net/npf/npf.h Sun Feb 12 13:38:37 2023 +0000
@@ -122,6 +122,7 @@
bool nbuf_cksum_barrier(nbuf_t *, int);
int nbuf_add_tag(nbuf_t *, uint32_t);
+int npf_mbuf_add_tag(nbuf_t *, struct mbuf *, uint32_t);
int nbuf_find_tag(nbuf_t *, uint32_t *);
/*
diff -r 869209be177c -r 1acc58ce0307 sys/net/npf/npf_mbuf.c
--- a/sys/net/npf/npf_mbuf.c Sun Feb 12 13:21:28 2023 +0000
+++ b/sys/net/npf/npf_mbuf.c Sun Feb 12 13:38:37 2023 +0000
@@ -36,7 +36,7 @@
#ifdef _KERNEL
#include <sys/cdefs.h>
-__KERNEL_RCSID(0, "$NetBSD: npf_mbuf.c,v 1.24 2020/05/30 14:16:56 rmind Exp $");
+__KERNEL_RCSID(0, "$NetBSD: npf_mbuf.c,v 1.25 2023/02/12 13:38:37 kardel Exp $");
#include <sys/param.h>
#include <sys/mbuf.h>
@@ -297,14 +297,13 @@
}
/*
- * nbuf_add_tag: associate a tag with the network buffer.
+ * npf_mbuf_add_tag: associate a tag with the network buffer.
*
* => Returns 0 on success or error number on failure.
*/
int
-nbuf_add_tag(nbuf_t *nbuf, uint32_t val)
+npf_mbuf_add_tag(nbuf_t *nbuf, struct mbuf *m, uint32_t val)
{
- struct mbuf *m = nbuf->nb_mbuf0;
#ifdef _KERNEL
struct m_tag *mt;
uint32_t *dat;
@@ -328,6 +327,18 @@
}
/*
+ * nbuf_add_tag: associate a tag with the network buffer.
+ *
+ * => Returns 0 on success or error number on failure.
+ */
+int
+nbuf_add_tag(nbuf_t *nbuf, uint32_t val)
+{
+ struct mbuf *m = nbuf->nb_mbuf0;
+ return npf_mbuf_add_tag(nbuf, m, val);
+}
+
+/*
* nbuf_find_tag: find a tag associated with a network buffer.
*
* => Returns 0 on success or error number on failure.
diff -r 869209be177c -r 1acc58ce0307 sys/net/npf/npf_sendpkt.c
--- a/sys/net/npf/npf_sendpkt.c Sun Feb 12 13:21:28 2023 +0000
+++ b/sys/net/npf/npf_sendpkt.c Sun Feb 12 13:38:37 2023 +0000
@@ -33,7 +33,7 @@
#ifdef _KERNEL
#include <sys/cdefs.h>
-__KERNEL_RCSID(0, "$NetBSD: npf_sendpkt.c,v 1.22 2020/05/30 14:16:56 rmind Exp $");
+__KERNEL_RCSID(0, "$NetBSD: npf_sendpkt.c,v 1.23 2023/02/12 13:38:37 kardel Exp $");
#include <sys/param.h>
#include <sys/types.h>
@@ -197,6 +197,9 @@
}
}
+ /* don't look at our generated reject packets going out */
+ (void)npf_mbuf_add_tag(npc->npc_nbuf, m, NPF_NTAG_PASS);
+
/* Pass to IP layer. */
if (npf_iscached(npc, NPC_IP4)) {
return ip_output(m, NULL, NULL, IP_FORWARDING, NULL, NULL);
@@ -215,6 +218,9 @@
{
struct mbuf *m = nbuf_head_mbuf(npc->npc_nbuf);
+ /* don't look at our generated reject packets going out */
+ (void)nbuf_add_tag(npc->npc_nbuf, NPF_NTAG_PASS);
+
if (npf_iscached(npc, NPC_IP4)) {
icmp_error(m, ICMP_UNREACH, ICMP_UNREACH_ADMIN_PROHIBIT, 0, 0);
return 0;
Home |
Main Index |
Thread Index |
Old Index