Source-Changes-HG archive

[Date Prev][Date Next][Thread Prev][Thread Next][Date Index][Thread Index][Old Index]

[src/trunk]: src/sys/net/npf PR kern/56052:



details:   https://anonhg.NetBSD.org/src/rev/1acc58ce0307
branches:  trunk
changeset: 373484:1acc58ce0307
user:      kardel <kardel%NetBSD.org@localhost>
date:      Sun Feb 12 13:38:37 2023 +0000

description:
PR kern/56052:
allow block-return packets passed through without rule matching.
Included up-stream as https://github.com/rmind/npf/pull/115

diffstat:

 sys/net/npf/npf.h         |   1 +
 sys/net/npf/npf_mbuf.c    |  19 +++++++++++++++----
 sys/net/npf/npf_sendpkt.c |   8 +++++++-
 3 files changed, 23 insertions(+), 5 deletions(-)

diffs (91 lines):

diff -r 869209be177c -r 1acc58ce0307 sys/net/npf/npf.h
--- a/sys/net/npf/npf.h Sun Feb 12 13:21:28 2023 +0000
+++ b/sys/net/npf/npf.h Sun Feb 12 13:38:37 2023 +0000
@@ -122,6 +122,7 @@
 
 bool           nbuf_cksum_barrier(nbuf_t *, int);
 int            nbuf_add_tag(nbuf_t *, uint32_t);
+int            npf_mbuf_add_tag(nbuf_t *, struct mbuf *, uint32_t);
 int            nbuf_find_tag(nbuf_t *, uint32_t *);
 
 /*
diff -r 869209be177c -r 1acc58ce0307 sys/net/npf/npf_mbuf.c
--- a/sys/net/npf/npf_mbuf.c    Sun Feb 12 13:21:28 2023 +0000
+++ b/sys/net/npf/npf_mbuf.c    Sun Feb 12 13:38:37 2023 +0000
@@ -36,7 +36,7 @@
 
 #ifdef _KERNEL
 #include <sys/cdefs.h>
-__KERNEL_RCSID(0, "$NetBSD: npf_mbuf.c,v 1.24 2020/05/30 14:16:56 rmind Exp $");
+__KERNEL_RCSID(0, "$NetBSD: npf_mbuf.c,v 1.25 2023/02/12 13:38:37 kardel Exp $");
 
 #include <sys/param.h>
 #include <sys/mbuf.h>
@@ -297,14 +297,13 @@
 }
 
 /*
- * nbuf_add_tag: associate a tag with the network buffer.
+ * npf_mbuf_add_tag: associate a tag with the network buffer.
  *
  * => Returns 0 on success or error number on failure.
  */
 int
-nbuf_add_tag(nbuf_t *nbuf, uint32_t val)
+npf_mbuf_add_tag(nbuf_t *nbuf, struct mbuf *m, uint32_t val)
 {
-       struct mbuf *m = nbuf->nb_mbuf0;
 #ifdef _KERNEL
        struct m_tag *mt;
        uint32_t *dat;
@@ -328,6 +327,18 @@
 }
 
 /*
+ * nbuf_add_tag: associate a tag with the network buffer.
+ *
+ * => Returns 0 on success or error number on failure.
+ */
+int
+nbuf_add_tag(nbuf_t *nbuf, uint32_t val)
+{
+       struct mbuf *m = nbuf->nb_mbuf0;
+       return npf_mbuf_add_tag(nbuf, m, val);
+}
+
+/*
  * nbuf_find_tag: find a tag associated with a network buffer.
  *
  * => Returns 0 on success or error number on failure.
diff -r 869209be177c -r 1acc58ce0307 sys/net/npf/npf_sendpkt.c
--- a/sys/net/npf/npf_sendpkt.c Sun Feb 12 13:21:28 2023 +0000
+++ b/sys/net/npf/npf_sendpkt.c Sun Feb 12 13:38:37 2023 +0000
@@ -33,7 +33,7 @@
 
 #ifdef _KERNEL
 #include <sys/cdefs.h>
-__KERNEL_RCSID(0, "$NetBSD: npf_sendpkt.c,v 1.22 2020/05/30 14:16:56 rmind Exp $");
+__KERNEL_RCSID(0, "$NetBSD: npf_sendpkt.c,v 1.23 2023/02/12 13:38:37 kardel Exp $");
 
 #include <sys/param.h>
 #include <sys/types.h>
@@ -197,6 +197,9 @@
                }
        }
 
+       /* don't look at our generated reject packets going out */
+       (void)npf_mbuf_add_tag(npc->npc_nbuf, m, NPF_NTAG_PASS);
+
        /* Pass to IP layer. */
        if (npf_iscached(npc, NPC_IP4)) {
                return ip_output(m, NULL, NULL, IP_FORWARDING, NULL, NULL);
@@ -215,6 +218,9 @@
 {
        struct mbuf *m = nbuf_head_mbuf(npc->npc_nbuf);
 
+       /* don't look at our generated reject packets going out */
+       (void)nbuf_add_tag(npc->npc_nbuf, NPF_NTAG_PASS);
+
        if (npf_iscached(npc, NPC_IP4)) {
                icmp_error(m, ICMP_UNREACH, ICMP_UNREACH_ADMIN_PROHIBIT, 0, 0);
                return 0;



Home | Main Index | Thread Index | Old Index