[src/netbsd-9]: src/sys/net/npf Pull up following revision(s) (requested by k...

[martin <martin%NetBSD.org@localhost>]

details:   https://anonhg.NetBSD.org/src/rev/14a2ecb5924e
branches:  netbsd-9
changeset: 373898:14a2ecb5924e
user:      martin <martin%NetBSD.org@localhost>
date:      Tue Mar 14 17:11:13 2023 +0000

description:
Pull up following revision(s) (requested by kardel in ticket #119):

        sys/net/npf/npf_mbuf.c: revision 1.25
        sys/net/npf/npf.h: revision 1.64
        sys/net/npf/npf_sendpkt.c: revision 1.23

PR kern/56052:
allow block-return packets passed through without rule matching.
Included up-stream ashttps://github.com/rmind/npf/pull/115

diffstat:

 sys/net/npf/npf.h         |   1 +
 sys/net/npf/npf_mbuf.c    |  19 +++++++++++++++----
 sys/net/npf/npf_sendpkt.c |   8 +++++++-
 3 files changed, 23 insertions(+), 5 deletions(-)

diffs (91 lines):

diff -r 3b1ddb79e899 -r 14a2ecb5924e sys/net/npf/npf.h
--- a/sys/net/npf/npf.h Tue Mar 14 17:04:51 2023 +0000
+++ b/sys/net/npf/npf.h Tue Mar 14 17:11:13 2023 +0000
@@ -122,6 +122,7 @@
 
 bool           nbuf_cksum_barrier(nbuf_t *, int);
 int            nbuf_add_tag(nbuf_t *, uint32_t);
+int            npf_mbuf_add_tag(nbuf_t *, struct mbuf *, uint32_t);
 int            nbuf_find_tag(nbuf_t *, uint32_t *);
 
 /*
diff -r 3b1ddb79e899 -r 14a2ecb5924e sys/net/npf/npf_mbuf.c
--- a/sys/net/npf/npf_mbuf.c    Tue Mar 14 17:04:51 2023 +0000
+++ b/sys/net/npf/npf_mbuf.c    Tue Mar 14 17:11:13 2023 +0000
@@ -36,7 +36,7 @@
 
 #ifdef _KERNEL
 #include <sys/cdefs.h>
-__KERNEL_RCSID(0, "$NetBSD: npf_mbuf.c,v 1.22.4.1 2020/06/20 15:46:47 martin Exp $");
+__KERNEL_RCSID(0, "$NetBSD: npf_mbuf.c,v 1.22.4.2 2023/03/14 17:11:13 martin Exp $");
 
 #include <sys/param.h>
 #include <sys/mbuf.h>
@@ -297,14 +297,13 @@
 }
 
 /*
- * nbuf_add_tag: associate a tag with the network buffer.
+ * npf_mbuf_add_tag: associate a tag with the network buffer.
  *
  * => Returns 0 on success or error number on failure.
  */
 int
-nbuf_add_tag(nbuf_t *nbuf, uint32_t val)
+npf_mbuf_add_tag(nbuf_t *nbuf, struct mbuf *m, uint32_t val)
 {
-       struct mbuf *m = nbuf->nb_mbuf0;
 #ifdef _KERNEL
        struct m_tag *mt;
        uint32_t *dat;
@@ -328,6 +327,18 @@
 }
 
 /*
+ * nbuf_add_tag: associate a tag with the network buffer.
+ *
+ * => Returns 0 on success or error number on failure.
+ */
+int
+nbuf_add_tag(nbuf_t *nbuf, uint32_t val)
+{
+       struct mbuf *m = nbuf->nb_mbuf0;
+       return npf_mbuf_add_tag(nbuf, m, val);
+}
+
+/*
  * nbuf_find_tag: find a tag associated with a network buffer.
  *
  * => Returns 0 on success or error number on failure.
diff -r 3b1ddb79e899 -r 14a2ecb5924e sys/net/npf/npf_sendpkt.c
--- a/sys/net/npf/npf_sendpkt.c Tue Mar 14 17:04:51 2023 +0000
+++ b/sys/net/npf/npf_sendpkt.c Tue Mar 14 17:11:13 2023 +0000
@@ -33,7 +33,7 @@
 
 #ifdef _KERNEL
 #include <sys/cdefs.h>
-__KERNEL_RCSID(0, "$NetBSD: npf_sendpkt.c,v 1.21.4.1 2020/06/20 15:46:47 martin Exp $");
+__KERNEL_RCSID(0, "$NetBSD: npf_sendpkt.c,v 1.21.4.2 2023/03/14 17:11:13 martin Exp $");
 
 #include <sys/param.h>
 #include <sys/types.h>
@@ -197,6 +197,9 @@
                }
        }
 
+       /* don't look at our generated reject packets going out */
+       (void)npf_mbuf_add_tag(npc->npc_nbuf, m, NPF_NTAG_PASS);
+
        /* Pass to IP layer. */
        if (npf_iscached(npc, NPC_IP4)) {
                return ip_output(m, NULL, NULL, IP_FORWARDING, NULL, NULL);
@@ -215,6 +218,9 @@
 {
        struct mbuf *m = nbuf_head_mbuf(npc->npc_nbuf);
 
+       /* don't look at our generated reject packets going out */
+       (void)nbuf_add_tag(npc->npc_nbuf, NPF_NTAG_PASS);
+
        if (npf_iscached(npc, NPC_IP4)) {
                icmp_error(m, ICMP_UNREACH, ICMP_UNREACH_ADMIN_PROHIBIT, 0, 0);
                return 0;