git: 9a405864e0cf - main - pf: move the mbuf into struct pf_pdesc too

From: Kristof Provost <kp_at_FreeBSD.org>
Date: Thu, 10 Oct 2024 12:37:31 UTC
The branch main has been updated by kp:

URL: https://cgit.FreeBSD.org/src/commit/?id=9a405864e0cf7d794ba067fa762b5d3743cd7db5

commit 9a405864e0cf7d794ba067fa762b5d3743cd7db5
Author:     Kristof Provost <kp@FreeBSD.org>
AuthorDate: 2024-10-03 17:53:09 +0000
Commit:     Kristof Provost <kp@FreeBSD.org>
CommitDate: 2024-10-10 12:10:42 +0000

    pf: move the mbuf into struct pf_pdesc too
    
    As requested by henning, move the mbuf pointer into struct pf_pdesc.
    Also sort pd to the beginning of the functions' parameter lists for
    consistency.
    ok henning
    
    Obtained from:  OpenBSD, bluhm <bluhm@openbsd.org>, 776f210a75
    Sponsored by:   Rubicon Communications, LLC ("Netgate")
    Differential Revision:  https://reviews.freebsd.org/D46941
---
 sys/net/if_pflog.h             |   4 +-
 sys/net/pfvar.h                |  42 ++--
 sys/netpfil/pf/if_pflog.c      |  14 +-
 sys/netpfil/pf/pf.c            | 470 ++++++++++++++++++++---------------------
 sys/netpfil/pf/pf_lb.c         |  30 +--
 sys/netpfil/pf/pf_norm.c       | 110 +++++-----
 sys/netpfil/pf/pf_osfp.c       |   9 +-
 sys/netpfil/pf/pf_syncookies.c |  13 +-
 8 files changed, 338 insertions(+), 354 deletions(-)

diff --git a/sys/net/if_pflog.h b/sys/net/if_pflog.h
index 0f8caef5fe8b..b2052d5bd5f3 100644
--- a/sys/net/if_pflog.h
+++ b/sys/net/if_pflog.h
@@ -69,9 +69,9 @@ struct pf_ruleset;
 struct pfi_kif;
 struct pf_pdesc;
 
-#define	PFLOG_PACKET(a,b,t,c,d,e,f,g) do {		\
+#define	PFLOG_PACKET(b,t,c,d,e,f,g) do {		\
 	if (pflog_packet_ptr != NULL)			\
-		pflog_packet_ptr(a,b,t,c,d,e,f,g);	\
+		pflog_packet_ptr(b,t,c,d,e,f,g);	\
 } while (0)
 #endif /* _KERNEL */
 #endif /* _NET_IF_PFLOG_H_ */
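Review bot: The macro parameters left over after dropping `a` are `b,t,c,d,e,f,g`, which no longer tell a reader what each position carries. Naming them after pflog_packet()'s own parameters would make the call sites in pf.c checkable by eye: `#define PFLOG_PACKET(action, reason, rm, am, ruleset, pd, lookupsafe) do {`, with the same names passed through to `pflog_packet_ptr(...)`. This matters a little more now that the first two arguments are both 8-bit integers, since swapping them at a call site would compile silently.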
diff --git a/sys/net/pfvar.h b/sys/net/pfvar.h
index f88a619dd184..30be1128d4d3 100644
--- a/sys/net/pfvar.h
+++ b/sys/net/pfvar.h
@@ -1249,7 +1249,7 @@ void			pf_state_export(struct pf_state_export *,
 /* pflog */
 struct pf_kruleset;
 struct pf_pdesc;
-typedef int pflog_packet_t(struct mbuf *, uint8_t, u_int8_t,
+typedef int pflog_packet_t(uint8_t, u_int8_t,
     struct pf_krule *, struct pf_krule *, struct pf_kruleset *,
     struct pf_pdesc *, int);
 extern pflog_packet_t		*pflog_packet_ptr;
@@ -1598,6 +1598,7 @@ struct pf_pdesc {
 	} hdr;
 
 	struct pfi_kkif	*kif;		/* incomming interface */
+	struct mbuf	*m;
 
 	struct pf_addr	*src;		/* src address */
 	struct pf_addr	*dst;		/* dst address */
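Review bot: The new `m` member is the only pointer in this part of struct pf_pdesc without a comment, and it is the one whose lifetime matters most, because the descriptor now holds a second reference to a packet that the entry points still receive as `struct mbuf **`. A comment such as `struct mbuf *m; /* packet under inspection; not owned, refresh when *m0 is replaced or handed off */` would state the contract. Presumably every place that swaps or gives away the mbuf (for example the `V_pfsync_defer_ptr(*sm, pd->m)` call later in this patch) has to update or clear `pd->m` so that no stale pointer is used afterwards; that is not visible in this part of the diff and is worth confirming. struct pf_sctp_multihome_job in the next hunk embeds a pf_pdesc by value, so each queued job now carries this pointer as well.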
@@ -1650,7 +1651,6 @@ struct pf_sctp_multihome_job {
 	struct pf_pdesc				 pd;
 	struct pf_addr				 src;
 	struct pf_addr				 dst;
-	struct mbuf				*m;
 	int					 op;
 };
 
@@ -2355,7 +2355,7 @@ extern void			 pf_addrcpy(struct pf_addr *, struct pf_addr *,
 void				pf_free_rule(struct pf_krule *);
 
 int	pf_test_eth(int, int, struct ifnet *, struct mbuf **, struct inpcb *);
-int	pf_scan_sctp(struct mbuf *, struct pf_pdesc *);
+int	pf_scan_sctp(struct pf_pdesc *);
 #if defined(INET) || defined(INET6)
 int	pf_test(sa_family_t, int, int, struct ifnet *, struct mbuf **, struct inpcb *,
 	    struct pf_rule_actions *);
@@ -2375,8 +2375,8 @@ int	pf_max_frag_size(struct mbuf *);
 int	pf_refragment6(struct ifnet *, struct mbuf **, struct m_tag *, bool);
 #endif /* INET6 */
 
-int	pf_multihome_scan_init(struct mbuf *, int, int, struct pf_pdesc *);
-int	pf_multihome_scan_asconf(struct mbuf *, int, int, struct pf_pdesc *);
+int	pf_multihome_scan_init(int, int, struct pf_pdesc *);
+int	pf_multihome_scan_asconf(int, int, struct pf_pdesc *);
 
 u_int32_t	pf_new_isn(struct pf_kstate *);
 void   *pf_pull_hdr(const struct mbuf *, int, void *, int, u_short *, u_short *,
@@ -2398,23 +2398,23 @@ int	pf_match_port(u_int8_t, u_int16_t, u_int16_t, u_int16_t);
 
 void	pf_normalize_init(void);
 void	pf_normalize_cleanup(void);
-int	pf_normalize_tcp(struct mbuf *, struct pf_pdesc *);
+int	pf_normalize_tcp(struct pf_pdesc *);
 void	pf_normalize_tcp_cleanup(struct pf_kstate *);
-int	pf_normalize_tcp_init(struct mbuf *, struct pf_pdesc *,
+int	pf_normalize_tcp_init(struct pf_pdesc *,
 	    struct tcphdr *, struct pf_state_peer *, struct pf_state_peer *);
-int	pf_normalize_tcp_stateful(struct mbuf *, struct pf_pdesc *,
+int	pf_normalize_tcp_stateful(struct pf_pdesc *,
 	    u_short *, struct tcphdr *, struct pf_kstate *,
 	    struct pf_state_peer *, struct pf_state_peer *, int *);
-int	pf_normalize_sctp_init(struct mbuf *, struct pf_pdesc *,
+int	pf_normalize_sctp_init(struct pf_pdesc *,
 	    struct pf_state_peer *, struct pf_state_peer *);
-int	pf_normalize_sctp(struct mbuf *, struct pf_pdesc *);
+int	pf_normalize_sctp(struct pf_pdesc *);
 u_int32_t
 	pf_state_expires(const struct pf_kstate *);
 void	pf_purge_expired_fragments(void);
 void	pf_purge_fragments(uint32_t);
 int	pf_routable(struct pf_addr *addr, sa_family_t af, struct pfi_kkif *,
 	    int);
-int	pf_socket_lookup(struct pf_pdesc *, struct mbuf *);
+int	pf_socket_lookup(struct pf_pdesc *);
 struct pf_state_key *pf_alloc_state_key(int);
 void	pfr_initialize(void);
 void	pfr_cleanup(void);
@@ -2482,12 +2482,12 @@ int		 pfi_set_flags(const char *, int);
 int		 pfi_clear_flags(const char *, int);
 
 int		 pf_match_tag(struct mbuf *, struct pf_krule *, int *, int);
-int		 pf_tag_packet(struct mbuf *, struct pf_pdesc *, int);
+int		 pf_tag_packet(struct pf_pdesc *, int);
 int		 pf_addr_cmp(struct pf_addr *, struct pf_addr *,
 		    sa_family_t);
 
-u_int16_t	 pf_get_mss(struct mbuf *, struct pf_pdesc *);
-u_int8_t	 pf_get_wscale(struct mbuf *, struct pf_pdesc *);
+u_int16_t	 pf_get_mss(struct pf_pdesc *);
+u_int8_t	 pf_get_wscale(struct pf_pdesc *);
 struct mbuf 	*pf_build_tcp(const struct pf_krule *, sa_family_t,
 		    const struct pf_addr *, const struct pf_addr *,
 		    u_int16_t, u_int16_t, u_int32_t, u_int32_t,
@@ -2504,8 +2504,7 @@ void			 pf_syncookies_cleanup(void);
 int			 pf_get_syncookies(struct pfioc_nv *);
 int			 pf_set_syncookies(struct pfioc_nv *);
 int			 pf_synflood_check(struct pf_pdesc *);
-void			 pf_syncookie_send(struct mbuf *m,
-			    struct pf_pdesc *);
+void			 pf_syncookie_send(struct pf_pdesc *);
 bool			 pf_syncookie_check(struct pf_pdesc *);
 u_int8_t		 pf_syncookie_validate(struct pf_pdesc *);
 struct mbuf *		 pf_syncookie_recreate_syn(struct pf_pdesc *);
@@ -2590,8 +2589,7 @@ void			 pf_addr_copyout(struct pf_addr_wrap *);
 int	pf_osfp_add(struct pf_osfp_ioctl *);
 #ifdef _KERNEL
 struct pf_osfp_enlist *
-	pf_osfp_fingerprint(struct pf_pdesc *, struct mbuf *,
-	    const struct tcphdr *);
+	pf_osfp_fingerprint(struct pf_pdesc *, const struct tcphdr *);
 #endif /* _KERNEL */
 void	pf_osfp_flush(void);
 int	pf_osfp_get(struct pf_osfp_ioctl *);
@@ -2622,7 +2620,7 @@ u_short			 pf_map_addr_sn(u_int8_t, struct pf_krule *,
 			    struct pf_addr *, struct pf_addr *,
 			    struct pfi_kkif **nkif, struct pf_addr *,
 			    struct pf_ksrc_node **);
-u_short			 pf_get_translation(struct pf_pdesc *, struct mbuf *,
+u_short			 pf_get_translation(struct pf_pdesc *,
 			    int, struct pf_ksrc_node **,
 			    struct pf_state_key **, struct pf_state_key **,
 			    struct pf_addr *, struct pf_addr *,
@@ -2630,14 +2628,14 @@ u_short			 pf_get_translation(struct pf_pdesc *, struct mbuf *,
 			    struct pf_krule **,
 			    struct pf_udp_mapping **udp_mapping);
 
-struct pf_state_key	*pf_state_key_setup(struct pf_pdesc *, struct mbuf *,
+struct pf_state_key	*pf_state_key_setup(struct pf_pdesc *,
 			    struct pf_addr *, struct pf_addr *, u_int16_t, u_int16_t);
 struct pf_state_key	*pf_state_key_clone(const struct pf_state_key *);
 void			 pf_rule_to_actions(struct pf_krule *,
 			    struct pf_rule_actions *);
-int			 pf_normalize_mss(struct mbuf *m, struct pf_pdesc *pd);
+int			 pf_normalize_mss(struct pf_pdesc *pd);
 #if defined(INET) || defined(INET6)
-void	pf_scrub(struct mbuf *, struct pf_pdesc *);
+void	pf_scrub(struct pf_pdesc *);
 #endif
 
 struct pfi_kkif		*pf_kkif_create(int);
diff --git a/sys/netpfil/pf/if_pflog.c b/sys/netpfil/pf/if_pflog.c
index 4db178b8f279..3cd7cd1f2ddc 100644
--- a/sys/netpfil/pf/if_pflog.c
+++ b/sys/netpfil/pf/if_pflog.c
@@ -213,14 +213,14 @@ pflogioctl(struct ifnet *ifp, u_long cmd, caddr_t data)
 }
 
 static int
-pflog_packet(struct mbuf *m, uint8_t action, u_int8_t reason,
+pflog_packet(uint8_t action, u_int8_t reason,
     struct pf_krule *rm, struct pf_krule *am,
     struct pf_kruleset *ruleset, struct pf_pdesc *pd, int lookupsafe)
 {
 	struct ifnet *ifn;
 	struct pfloghdr hdr;
 
-	if (m == NULL || rm == NULL || pd == NULL)
+	if (rm == NULL || pd == NULL)
 		return (1);
 
 	ifn = V_pflogifs[rm->logif];
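Review bot: Dropping `m == NULL` from the guard removes the only NULL check on the packet, while the later hunks of this function dereference `pd->m` unconditionally (`mtod(pd->m, struct ip *)`, `pd->m->m_pkthdr.len`, `bpf_mtap2(..., pd->m)`). Unless every path that fills a pf_pdesc is known to set `m` before any PFLOG_PACKET call, the guard should keep its old coverage: `if (rm == NULL || pd == NULL || pd->m == NULL)`. pflog_packet's body continues outside this hunk.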
@@ -251,7 +251,7 @@ pflog_packet(struct mbuf *m, uint8_t action, u_int8_t reason,
 	 * These conditions are very very rare, however.
 	 */
 	if (rm->log & PF_LOG_SOCKET_LOOKUP && !pd->lookup.done && lookupsafe)
-		pd->lookup.done = pf_socket_lookup(pd, m);
+		pd->lookup.done = pf_socket_lookup(pd);
 	if (pd->lookup.done > 0)
 		hdr.uid = pd->lookup.uid;
 	else
@@ -265,15 +265,15 @@ pflog_packet(struct mbuf *m, uint8_t action, u_int8_t reason,
 	if (pd->af == AF_INET && pd->dir == PF_OUT) {
 		struct ip *ip;
 
-		ip = mtod(m, struct ip *);
+		ip = mtod(pd->m, struct ip *);
 		ip->ip_sum = 0;
-		ip->ip_sum = in_cksum(m, ip->ip_hl << 2);
+		ip->ip_sum = in_cksum(pd->m, ip->ip_hl << 2);
 	}
 #endif /* INET */
 
 	if_inc_counter(ifn, IFCOUNTER_OPACKETS, 1);
-	if_inc_counter(ifn, IFCOUNTER_OBYTES, m->m_pkthdr.len);
-	bpf_mtap2(ifn->if_bpf, &hdr, PFLOG_HDRLEN, m);
+	if_inc_counter(ifn, IFCOUNTER_OBYTES, pd->m->m_pkthdr.len);
+	bpf_mtap2(ifn->if_bpf, &hdr, PFLOG_HDRLEN, pd->m);
 
 	return (0);
 }
diff --git a/sys/netpfil/pf/pf.c b/sys/netpfil/pf/pf.c
index 993feff92233..216d5805b11e 100644
--- a/sys/netpfil/pf/pf.c
+++ b/sys/netpfil/pf/pf.c
@@ -294,7 +294,7 @@ static int		 pf_check_threshold(struct pf_threshold *);
 static void		 pf_change_ap(struct mbuf *, struct pf_addr *, u_int16_t *,
 			    u_int16_t *, u_int16_t *, struct pf_addr *,
 			    u_int16_t, u_int8_t, sa_family_t);
-static int		 pf_modulate_sack(struct mbuf *, struct pf_pdesc *,
+static int		 pf_modulate_sack(struct pf_pdesc *,
 			    struct tcphdr *, struct pf_state_peer *);
 int			 pf_icmp_mapping(struct pf_pdesc *, u_int8_t, int *,
 			    int *, u_int16_t *, u_int16_t *);
@@ -320,39 +320,39 @@ static int		 pf_dummynet_route(struct pf_pdesc *,
 static int		 pf_test_eth_rule(int, struct pfi_kkif *,
 			    struct mbuf **);
 static int		 pf_test_rule(struct pf_krule **, struct pf_kstate **,
-			    struct mbuf *, struct pf_pdesc *, struct pf_krule **,
+			    struct pf_pdesc *, struct pf_krule **,
 			    struct pf_kruleset **, struct inpcb *);
 static int		 pf_create_state(struct pf_krule *, struct pf_krule *,
 			    struct pf_krule *, struct pf_pdesc *,
 			    struct pf_ksrc_node *, struct pf_state_key *,
-			    struct pf_state_key *, struct mbuf *,
+			    struct pf_state_key *,
 			    u_int16_t, u_int16_t, int *,
 			    struct pf_kstate **, int, u_int16_t, u_int16_t,
 			    struct pf_krule_slist *, struct pf_udp_mapping *);
-static int		 pf_state_key_addr_setup(struct pf_pdesc *, struct mbuf *,
+static int		 pf_state_key_addr_setup(struct pf_pdesc *,
 			    struct pf_state_key_cmp *, int, struct pf_addr *,
 			    int, struct pf_addr *, int);
 static int		 pf_tcp_track_full(struct pf_kstate **,
-			    struct mbuf *, struct pf_pdesc *, u_short *, int *);
+			    struct pf_pdesc *, u_short *, int *);
 static int		 pf_tcp_track_sloppy(struct pf_kstate **,
 			    struct pf_pdesc *, u_short *);
 static int		 pf_test_state_tcp(struct pf_kstate **,
-			    struct mbuf *, struct pf_pdesc *, u_short *);
+			    struct pf_pdesc *, u_short *);
 static int		 pf_test_state_udp(struct pf_kstate **,
-			    struct mbuf *, struct pf_pdesc *);
+			    struct pf_pdesc *);
 int			 pf_icmp_state_lookup(struct pf_state_key_cmp *,
-			    struct pf_pdesc *, struct pf_kstate **, struct mbuf *,
+			    struct pf_pdesc *, struct pf_kstate **,
 			    int, u_int16_t, u_int16_t,
 			    int, int *, int, int);
-static int		 pf_test_state_icmp(struct pf_kstate **, struct mbuf *,
+static int		 pf_test_state_icmp(struct pf_kstate **,
 			    struct pf_pdesc *, u_short *);
 static void		 pf_sctp_multihome_detach_addr(const struct pf_kstate *);
 static void		 pf_sctp_multihome_delayed(struct pf_pdesc *,
 			    struct pfi_kkif *, struct pf_kstate *, int);
-static int		 pf_test_state_sctp(struct pf_kstate **, struct mbuf *,
+static int		 pf_test_state_sctp(struct pf_kstate **,
 			    struct pf_pdesc *, u_short *);
 static int		 pf_test_state_other(struct pf_kstate **,
-			    struct mbuf *, struct pf_pdesc *);
+			    struct pf_pdesc *);
 static u_int16_t	 pf_calc_mss(struct pf_addr *, sa_family_t,
 				int, u_int16_t);
 static int		 pf_check_proto_cksum(struct mbuf *, int, int,
@@ -1561,7 +1561,7 @@ pf_state_key_ctor(void *mem, int size, void *arg, int flags)
 }
 
 static int
-pf_state_key_addr_setup(struct pf_pdesc *pd, struct mbuf *m,
+pf_state_key_addr_setup(struct pf_pdesc *pd,
     struct pf_state_key_cmp *key, int sidx, struct pf_addr *saddr,
     int didx, struct pf_addr *daddr, int multi)
 {
@@ -1577,7 +1577,7 @@ pf_state_key_addr_setup(struct pf_pdesc *pd, struct mbuf *m,
 	case ND_NEIGHBOR_SOLICIT:
 		if (multi)
 			return (-1);
-		if (!pf_pull_hdr(m, pd->off, &nd, sizeof(nd), &action, &reason, pd->af))
+		if (!pf_pull_hdr(pd->m, pd->off, &nd, sizeof(nd), &action, &reason, pd->af))
 			return (-1);
 		target = (struct pf_addr *)&nd.nd_ns_target;
 		daddr = target;
@@ -1585,7 +1585,7 @@ pf_state_key_addr_setup(struct pf_pdesc *pd, struct mbuf *m,
 	case ND_NEIGHBOR_ADVERT:
 		if (multi)
 			return (-1);
-		if (!pf_pull_hdr(m, pd->off, &nd, sizeof(nd), &action, &reason, pd->af))
+		if (!pf_pull_hdr(pd->m, pd->off, &nd, sizeof(nd), &action, &reason, pd->af))
 			return (-1);
 		target = (struct pf_addr *)&nd.nd_ns_target;
 		saddr = target;
@@ -1617,7 +1617,7 @@ copy:
 }
 
 struct pf_state_key *
-pf_state_key_setup(struct pf_pdesc *pd, struct mbuf *m,
+pf_state_key_setup(struct pf_pdesc *pd,
     struct pf_addr *saddr, struct pf_addr *daddr, u_int16_t sport,
     u_int16_t dport)
 {
@@ -1627,7 +1627,7 @@ pf_state_key_setup(struct pf_pdesc *pd, struct mbuf *m,
 	if (sk == NULL)
 		return (NULL);
 
-	if (pf_state_key_addr_setup(pd, m, (struct pf_state_key_cmp *)sk,
+	if (pf_state_key_addr_setup(pd, (struct pf_state_key_cmp *)sk,
 	    pd->sidx, pd->src, pd->didx, pd->dst, 0)) {
 		uma_zfree(V_pf_state_key_z, sk);
 		return (NULL);
@@ -3272,8 +3272,8 @@ pf_change_icmp(struct pf_addr *ia, u_int16_t *ip, struct pf_addr *oa,
  * (credits to Krzysztof Pfaff for report and patch)
  */
 static int
-pf_modulate_sack(struct mbuf *m, struct pf_pdesc *pd,
-    struct tcphdr *th, struct pf_state_peer *dst)
+pf_modulate_sack(struct pf_pdesc *pd, struct tcphdr *th,
+    struct pf_state_peer *dst)
 {
 	int hlen = (th->th_off << 2) - sizeof(*th), thoptlen = hlen;
 	u_int8_t opts[TCP_MAXOLEN], *opt = opts;
@@ -3282,7 +3282,7 @@ pf_modulate_sack(struct mbuf *m, struct pf_pdesc *pd,
 
 #define	TCPOLEN_SACKLEN	(TCPOLEN_SACK + 2)
 	if (hlen < TCPOLEN_SACKLEN ||
-	    !pf_pull_hdr(m, pd->off + sizeof(*th), opts, hlen, NULL, NULL, pd->af))
+	    !pf_pull_hdr(pd->m, pd->off + sizeof(*th), opts, hlen, NULL, NULL, pd->af))
 		return 0;
 
 	while (hlen >= TCPOLEN_SACKLEN) {
@@ -3301,12 +3301,12 @@ pf_modulate_sack(struct mbuf *m, struct pf_pdesc *pd,
 				for (i = 2; i + TCPOLEN_SACK <= olen;
 				    i += TCPOLEN_SACK) {
 					memcpy(&sack, &opt[i], sizeof(sack));
-					pf_patch_32_unaligned(m,
+					pf_patch_32_unaligned(pd->m,
 					    &th->th_sum, &sack.start,
 					    htonl(ntohl(sack.start) - dst->seqdiff),
 					    PF_ALGNMNT(startoff),
 					    0);
-					pf_patch_32_unaligned(m, &th->th_sum,
+					pf_patch_32_unaligned(pd->m, &th->th_sum,
 					    &sack.end,
 					    htonl(ntohl(sack.end) - dst->seqdiff),
 					    PF_ALGNMNT(startoff),
@@ -3325,7 +3325,7 @@ pf_modulate_sack(struct mbuf *m, struct pf_pdesc *pd,
 	}
 
 	if (copyback)
-		m_copyback(m, pd->off + sizeof(*th), thoptlen, (caddr_t)opts);
+		m_copyback(pd->m, pd->off + sizeof(*th), thoptlen, (caddr_t)opts);
 	return (copyback);
 }
 
@@ -3634,7 +3634,7 @@ pf_send_tcp(const struct pf_krule *r, sa_family_t af,
 
 static void
 pf_return(struct pf_krule *r, struct pf_krule *nr, struct pf_pdesc *pd,
-    struct pf_state_key *sk, struct mbuf *m, struct tcphdr *th,
+    struct pf_state_key *sk, struct tcphdr *th,
     u_int16_t bproto_sum, u_int16_t bip_sum,
     u_short *reason, int rtableid)
 {
@@ -3653,7 +3653,7 @@ pf_return(struct pf_krule *r, struct pf_krule *nr, struct pf_pdesc *pd,
 			*pd->proto_sum = bproto_sum;
 		if (pd->ip_sum)
 			*pd->ip_sum = bip_sum;
-		m_copyback(m, pd->off, pd->hdrlen, pd->hdr.any);
+		m_copyback(pd->m, pd->off, pd->hdrlen, pd->hdr.any);
 	}
 	if (pd->proto == IPPROTO_TCP &&
 	    ((r->rule_flag & PFRULE_RETURNRST) ||
@@ -3661,7 +3661,7 @@ pf_return(struct pf_krule *r, struct pf_krule *nr, struct pf_pdesc *pd,
 	    !(th->th_flags & TH_RST)) {
 		u_int32_t	 ack = ntohl(th->th_seq) + pd->p_len;
 
-		if (pf_check_proto_cksum(m, pd->off, pd->tot_len - pd->off,
+		if (pf_check_proto_cksum(pd->m, pd->off, pd->tot_len - pd->off,
 		    IPPROTO_TCP, pd->af))
 			REASON_SET(reason, PFRES_PROTCKSUM);
 		else {
@@ -3679,11 +3679,11 @@ pf_return(struct pf_krule *r, struct pf_krule *nr, struct pf_pdesc *pd,
 		pf_send_sctp_abort(pd->af, pd, r->return_ttl, rtableid);
 	} else if (pd->proto != IPPROTO_ICMP && pd->af == AF_INET &&
 		r->return_icmp)
-		pf_send_icmp(m, r->return_icmp >> 8,
+		pf_send_icmp(pd->m, r->return_icmp >> 8,
 			r->return_icmp & 255, pd->af, r, rtableid);
 	else if (pd->proto != IPPROTO_ICMPV6 && pd->af == AF_INET6 &&
 		r->return_icmp6)
-		pf_send_icmp(m, r->return_icmp6 >> 8,
+		pf_send_icmp(pd->m, r->return_icmp6 >> 8,
 			r->return_icmp6 & 255, pd->af, r, rtableid);
 }
 
@@ -3950,12 +3950,12 @@ pf_match_rcvif(struct mbuf *m, struct pf_krule *r)
 }
 
 int
-pf_tag_packet(struct mbuf *m, struct pf_pdesc *pd, int tag)
+pf_tag_packet(struct pf_pdesc *pd, int tag)
 {
 
 	KASSERT(tag > 0, ("%s: tag %d", __func__, tag));
 
-	if (pd->pf_mtag == NULL && ((pd->pf_mtag = pf_get_mtag(m)) == NULL))
+	if (pd->pf_mtag == NULL && ((pd->pf_mtag = pf_get_mtag(pd->m)) == NULL))
 		return (ENOMEM);
 
 	pd->pf_mtag->tag = tag;
@@ -4278,7 +4278,7 @@ pf_rule_to_actions(struct pf_krule *r, struct pf_rule_actions *a)
 }
 
 int
-pf_socket_lookup(struct pf_pdesc *pd, struct mbuf *m)
+pf_socket_lookup(struct pf_pdesc *pd)
 {
 	struct pf_addr		*saddr, *daddr;
 	u_int16_t		 sport, dport;
@@ -4318,11 +4318,11 @@ pf_socket_lookup(struct pf_pdesc *pd, struct mbuf *m)
 #ifdef INET
 	case AF_INET:
 		inp = in_pcblookup_mbuf(pi, saddr->v4, sport, daddr->v4,
-		    dport, INPLOOKUP_RLOCKPCB, NULL, m);
+		    dport, INPLOOKUP_RLOCKPCB, NULL, pd->m);
 		if (inp == NULL) {
 			inp = in_pcblookup_mbuf(pi, saddr->v4, sport,
 			   daddr->v4, dport, INPLOOKUP_WILDCARD |
-			   INPLOOKUP_RLOCKPCB, NULL, m);
+			   INPLOOKUP_RLOCKPCB, NULL, pd->m);
 			if (inp == NULL)
 				return (-1);
 		}
@@ -4331,11 +4331,11 @@ pf_socket_lookup(struct pf_pdesc *pd, struct mbuf *m)
 #ifdef INET6
 	case AF_INET6:
 		inp = in6_pcblookup_mbuf(pi, &saddr->v6, sport, &daddr->v6,
-		    dport, INPLOOKUP_RLOCKPCB, NULL, m);
+		    dport, INPLOOKUP_RLOCKPCB, NULL, pd->m);
 		if (inp == NULL) {
 			inp = in6_pcblookup_mbuf(pi, &saddr->v6, sport,
 			    &daddr->v6, dport, INPLOOKUP_WILDCARD |
-			    INPLOOKUP_RLOCKPCB, NULL, m);
+			    INPLOOKUP_RLOCKPCB, NULL, pd->m);
 			if (inp == NULL)
 				return (-1);
 		}
@@ -4351,7 +4351,7 @@ pf_socket_lookup(struct pf_pdesc *pd, struct mbuf *m)
 }
 
 u_int8_t
-pf_get_wscale(struct mbuf *m, struct pf_pdesc *pd)
+pf_get_wscale(struct pf_pdesc *pd)
 {
 	struct tcphdr	*th = &pd->hdr.tcp;
 	int		 hlen;
@@ -4362,7 +4362,7 @@ pf_get_wscale(struct mbuf *m, struct pf_pdesc *pd)
 	hlen = th->th_off << 2;		/* hlen <= sizeof(hdr) */
 	if (hlen <= sizeof(struct tcphdr))
 		return (0);
-	if (!pf_pull_hdr(m, pd->off, hdr, hlen, NULL, NULL, pd->af))
+	if (!pf_pull_hdr(pd->m, pd->off, hdr, hlen, NULL, NULL, pd->af))
 		return (0);
 	opt = hdr + sizeof(struct tcphdr);
 	hlen -= sizeof(struct tcphdr);
@@ -4392,7 +4392,7 @@ pf_get_wscale(struct mbuf *m, struct pf_pdesc *pd)
 }
 
 u_int16_t
-pf_get_mss(struct mbuf *m, struct pf_pdesc *pd)
+pf_get_mss(struct pf_pdesc *pd)
 {
 	struct tcphdr	*th = &pd->hdr.tcp;
 	int		 hlen;
@@ -4403,7 +4403,7 @@ pf_get_mss(struct mbuf *m, struct pf_pdesc *pd)
 	hlen = th->th_off << 2;	/* hlen <= sizeof(hdr) */
 	if (hlen <= sizeof(struct tcphdr))
 		return (0);
-	if (!pf_pull_hdr(m, pd->off, hdr, hlen, NULL, NULL, pd->af))
+	if (!pf_pull_hdr(pd->m, pd->off, hdr, hlen, NULL, NULL, pd->af))
 		return (0);
 	opt = hdr + sizeof(struct tcphdr);
 	hlen -= sizeof(struct tcphdr);
@@ -4848,7 +4848,7 @@ pf_test_eth_rule(int dir, struct pfi_kkif *kif, struct mbuf **m0)
 
 static int
 pf_test_rule(struct pf_krule **rm, struct pf_kstate **sm,
-    struct mbuf *m, struct pf_pdesc *pd, struct pf_krule **am,
+    struct pf_pdesc *pd, struct pf_krule **am,
     struct pf_kruleset **rsm, struct inpcb *inp)
 {
 	struct pf_krule		*nr = NULL;
@@ -4938,7 +4938,7 @@ pf_test_rule(struct pf_krule **rm, struct pf_kstate **sm,
 	r = TAILQ_FIRST(pf_main_ruleset.rules[PF_RULESET_FILTER].active.ptr);
 
 	/* check packet for BINAT/NAT/RDR */
-	transerror = pf_get_translation(pd, m, pd->off, &nsn, &sk,
+	transerror = pf_get_translation(pd, pd->off, &nsn, &sk,
 	    &nk, saddr, daddr, sport, dport, anchor_stack, &nr, &udp_mapping);
 	switch (transerror) {
 	default:
@@ -4953,7 +4953,7 @@ pf_test_rule(struct pf_krule **rm, struct pf_kstate **sm,
 		KASSERT(nk != NULL, ("%s: null nk", __func__));
 
 		if (nr->log) {
-			PFLOG_PACKET(m, PF_PASS, PFRES_MATCH, nr, a,
+			PFLOG_PACKET(PF_PASS, PFRES_MATCH, nr, a,
 			    ruleset, pd, 1);
 		}
 
@@ -4967,7 +4967,7 @@ pf_test_rule(struct pf_krule **rm, struct pf_kstate **sm,
 
 			if (PF_ANEQ(saddr, &nk->addr[pd->sidx], pd->af) ||
 			    nk->port[pd->sidx] != sport) {
-				pf_change_ap(m, saddr, &th->th_sport, pd->ip_sum,
+				pf_change_ap(pd->m, saddr, &th->th_sport, pd->ip_sum,
 				    &th->th_sum, &nk->addr[pd->sidx],
 				    nk->port[pd->sidx], 0, pd->af);
 				pd->sport = &th->th_sport;
@@ -4976,7 +4976,7 @@ pf_test_rule(struct pf_krule **rm, struct pf_kstate **sm,
 
 			if (PF_ANEQ(daddr, &nk->addr[pd->didx], pd->af) ||
 			    nk->port[pd->didx] != dport) {
-				pf_change_ap(m, daddr, &th->th_dport, pd->ip_sum,
+				pf_change_ap(pd->m, daddr, &th->th_dport, pd->ip_sum,
 				    &th->th_sum, &nk->addr[pd->didx],
 				    nk->port[pd->didx], 0, pd->af);
 				dport = th->th_dport;
@@ -4990,7 +4990,7 @@ pf_test_rule(struct pf_krule **rm, struct pf_kstate **sm,
 
 			if (PF_ANEQ(saddr, &nk->addr[pd->sidx], pd->af) ||
 			    nk->port[pd->sidx] != sport) {
-				pf_change_ap(m, saddr, &pd->hdr.udp.uh_sport,
+				pf_change_ap(pd->m, saddr, &pd->hdr.udp.uh_sport,
 				    pd->ip_sum, &pd->hdr.udp.uh_sum,
 				    &nk->addr[pd->sidx],
 				    nk->port[pd->sidx], 1, pd->af);
@@ -5000,7 +5000,7 @@ pf_test_rule(struct pf_krule **rm, struct pf_kstate **sm,
 
 			if (PF_ANEQ(daddr, &nk->addr[pd->didx], pd->af) ||
 			    nk->port[pd->didx] != dport) {
-				pf_change_ap(m, daddr, &pd->hdr.udp.uh_dport,
+				pf_change_ap(pd->m, daddr, &pd->hdr.udp.uh_dport,
 				    pd->ip_sum, &pd->hdr.udp.uh_sum,
 				    &nk->addr[pd->didx],
 				    nk->port[pd->didx], 1, pd->af);
@@ -5014,14 +5014,14 @@ pf_test_rule(struct pf_krule **rm, struct pf_kstate **sm,
 
 			if (PF_ANEQ(saddr, &nk->addr[pd->sidx], pd->af) ||
 			    nk->port[pd->sidx] != sport) {
-				pf_change_ap(m, saddr, &pd->hdr.sctp.src_port,
+				pf_change_ap(pd->m, saddr, &pd->hdr.sctp.src_port,
 				    pd->ip_sum, &checksum,
 				    &nk->addr[pd->sidx],
 				    nk->port[pd->sidx], 1, pd->af);
 			}
 			if (PF_ANEQ(daddr, &nk->addr[pd->didx], pd->af) ||
 			    nk->port[pd->didx] != dport) {
-				pf_change_ap(m, daddr, &pd->hdr.sctp.dest_port,
+				pf_change_ap(pd->m, daddr, &pd->hdr.sctp.dest_port,
 				    pd->ip_sum, &checksum,
 				    &nk->addr[pd->didx],
 				    nk->port[pd->didx], 1, pd->af);
@@ -5046,7 +5046,7 @@ pf_test_rule(struct pf_krule **rm, struct pf_kstate **sm,
 				pd->hdr.icmp.icmp_id = nk->port[pd->sidx];
 				pd->sport = &pd->hdr.icmp.icmp_id;
 			}
-			m_copyback(m, pd->off, ICMP_MINLEN, (caddr_t)&pd->hdr.icmp);
+			m_copyback(pd->m, pd->off, ICMP_MINLEN, (caddr_t)&pd->hdr.icmp);
 			break;
 #endif /* INET */
 #ifdef INET6
@@ -5107,10 +5107,10 @@ pf_test_rule(struct pf_krule **rm, struct pf_kstate **sm,
 		PF_TEST_ATTRIB(r->proto && r->proto != pd->proto,
 			r->skip[PF_SKIP_PROTO]);
 		PF_TEST_ATTRIB(PF_MISMATCHAW(&r->src.addr, saddr, pd->af,
-		    r->src.neg, pd->kif, M_GETFIB(m)),
+		    r->src.neg, pd->kif, M_GETFIB(pd->m)),
 			r->skip[PF_SKIP_SRC_ADDR]);
 		PF_TEST_ATTRIB(PF_MISMATCHAW(&r->dst.addr, daddr, pd->af,
-		    r->dst.neg, NULL, M_GETFIB(m)),
+		    r->dst.neg, NULL, M_GETFIB(pd->m)),
 			r->skip[PF_SKIP_DST_ADDR]);
 		switch (pd->virtual_proto) {
 		case PF_VPROTO_FRAGMENT:
@@ -5143,13 +5143,13 @@ pf_test_rule(struct pf_krule **rm, struct pf_kstate **sm,
 				r->skip[PF_SKIP_DST_PORT]);
 			/* tcp/udp only. uid.op always 0 in other cases */
 			PF_TEST_ATTRIB(r->uid.op && (pd->lookup.done || (pd->lookup.done =
-			    pf_socket_lookup(pd, m), 1)) &&
+			    pf_socket_lookup(pd), 1)) &&
 			    !pf_match_uid(r->uid.op, r->uid.uid[0], r->uid.uid[1],
 			    pd->lookup.uid),
 				TAILQ_NEXT(r, entries));
 			/* tcp/udp only. gid.op always 0 in other cases */
 			PF_TEST_ATTRIB(r->gid.op && (pd->lookup.done || (pd->lookup.done =
-			    pf_socket_lookup(pd, m), 1)) &&
+			    pf_socket_lookup(pd), 1)) &&
 			    !pf_match_gid(r->gid.op, r->gid.gid[0], r->gid.gid[1],
 			    pd->lookup.gid),
 				TAILQ_NEXT(r, entries));
@@ -5171,22 +5171,22 @@ pf_test_rule(struct pf_krule **rm, struct pf_kstate **sm,
 		PF_TEST_ATTRIB(r->tos && !(r->tos == pd->tos),
 			TAILQ_NEXT(r, entries));
 		PF_TEST_ATTRIB(r->prio &&
-		    !pf_match_ieee8021q_pcp(r->prio, m),
+		    !pf_match_ieee8021q_pcp(r->prio, pd->m),
 			TAILQ_NEXT(r, entries));
 		PF_TEST_ATTRIB(r->prob &&
 		    r->prob <= arc4random(),
 			TAILQ_NEXT(r, entries));
-		PF_TEST_ATTRIB(r->match_tag && !pf_match_tag(m, r, &tag,
+		PF_TEST_ATTRIB(r->match_tag && !pf_match_tag(pd->m, r, &tag,
 		    pd->pf_mtag ? pd->pf_mtag->tag : 0),
 			TAILQ_NEXT(r, entries));
-		PF_TEST_ATTRIB(r->rcv_kif && !pf_match_rcvif(m, r),
+		PF_TEST_ATTRIB(r->rcv_kif && !pf_match_rcvif(pd->m, r),
 			TAILQ_NEXT(r, entries));
 		PF_TEST_ATTRIB((r->rule_flag & PFRULE_FRAGMENT &&
 		    pd->virtual_proto != PF_VPROTO_FRAGMENT),
 			TAILQ_NEXT(r, entries));
 		PF_TEST_ATTRIB(r->os_fingerprint != PF_OSFP_ANY &&
 		    (pd->virtual_proto != IPPROTO_TCP || !pf_osfp_match(
-		    pf_osfp_fingerprint(pd, m, th),
+		    pf_osfp_fingerprint(pd, th),
 		    r->os_fingerprint)),
 			TAILQ_NEXT(r, entries));
 		/* FALLTHROUGH */
@@ -5207,8 +5207,7 @@ pf_test_rule(struct pf_krule **rm, struct pf_kstate **sm,
 				pf_counter_u64_critical_exit();
 				pf_rule_to_actions(r, &pd->act);
 				if (r->log || pd->act.log & PF_LOG_MATCHES)
-					PFLOG_PACKET(m,
-					    r->action, PFRES_MATCH, r,
+					PFLOG_PACKET(r->action, PFRES_MATCH, r,
 					    a, ruleset, pd, 1);
 			} else {
 				match = 1;
@@ -5216,8 +5215,7 @@ pf_test_rule(struct pf_krule **rm, struct pf_kstate **sm,
 				*am = a;
 				*rsm = ruleset;
 				if (pd->act.log & PF_LOG_MATCHES)
-					PFLOG_PACKET(m,
-					    r->action, PFRES_MATCH, r,
+					PFLOG_PACKET(r->action, PFRES_MATCH, r,
 					    a, ruleset, pd, 1);
 			}
 			if ((*rm)->quick)
@@ -5243,8 +5241,8 @@ nextrule:
 
 	if (r->log || pd->act.log & PF_LOG_MATCHES) {
 		if (rewrite)
-			m_copyback(m, pd->off, pd->hdrlen, pd->hdr.any);
-		PFLOG_PACKET(m, r->action, reason, r, a, ruleset, pd, 1);
+			m_copyback(pd->m, pd->off, pd->hdrlen, pd->hdr.any);
+		PFLOG_PACKET(r->action, reason, r, a, ruleset, pd, 1);
 	}
 
 	if (pd->virtual_proto != PF_VPROTO_FRAGMENT &&
@@ -5252,32 +5250,32 @@ nextrule:
 	    ((r->rule_flag & PFRULE_RETURNRST) ||
 	    (r->rule_flag & PFRULE_RETURNICMP) ||
 	    (r->rule_flag & PFRULE_RETURN))) {
-		pf_return(r, nr, pd, sk, m, th, bproto_sum,
+		pf_return(r, nr, pd, sk, th, bproto_sum,
 		    bip_sum, &reason, r->rtableid);
 	}
 
 	if (r->action == PF_DROP)
 		goto cleanup;
 
-	if (tag > 0 && pf_tag_packet(m, pd, tag)) {
+	if (tag > 0 && pf_tag_packet(pd, tag)) {
 		REASON_SET(&reason, PFRES_MEMORY);
 		goto cleanup;
 	}
 	if (pd->act.rtableid >= 0)
-		M_SETFIB(m, pd->act.rtableid);
+		M_SETFIB(pd->m, pd->act.rtableid);
 
 	if (pd->virtual_proto != PF_VPROTO_FRAGMENT &&
 	   (!state_icmp && (r->keep_state || nr != NULL ||
 	    (pd->flags & PFDESC_TCP_NORM)))) {
 		int action;
-		action = pf_create_state(r, nr, a, pd, nsn, nk, sk, m,
+		action = pf_create_state(r, nr, a, pd, nsn, nk, sk,
 		    sport, dport, &rewrite, sm, tag, bproto_sum, bip_sum,
 		    &match_rules, udp_mapping);
 		if (action != PF_PASS) {
 			pf_udp_mapping_release(udp_mapping);
 			if (action == PF_DROP &&
 			    (r->rule_flag & PFRULE_RETURN))
-				pf_return(r, nr, pd, sk, m, th,
+				pf_return(r, nr, pd, sk, th,
 				    bproto_sum, bip_sum, &reason,
 				    pd->act.rtableid);
 			return (action);
@@ -5295,11 +5293,11 @@ nextrule:
 
 	/* copy back packet headers if we performed NAT operations */
 	if (rewrite)
-		m_copyback(m, pd->off, pd->hdrlen, pd->hdr.any);
+		m_copyback(pd->m, pd->off, pd->hdrlen, pd->hdr.any);
 
 	if (*sm != NULL && !((*sm)->state_flags & PFSTATE_NOSYNC) &&
 	    pd->dir == PF_OUT &&
-	    V_pfsync_defer_ptr != NULL && V_pfsync_defer_ptr(*sm, m))
+	    V_pfsync_defer_ptr != NULL && V_pfsync_defer_ptr(*sm, pd->m))
 		/*
 		 * We want the state created, but we dont
 		 * want to send this in case a partner
@@ -5326,7 +5324,7 @@ cleanup:
 static int
 pf_create_state(struct pf_krule *r, struct pf_krule *nr, struct pf_krule *a,
     struct pf_pdesc *pd, struct pf_ksrc_node *nsn, struct pf_state_key *nk,
-    struct pf_state_key *sk, struct mbuf *m, u_int16_t sport,
+    struct pf_state_key *sk, u_int16_t sport,
     u_int16_t dport, int *rewrite, struct pf_kstate **sm,
     int tag, u_int16_t bproto_sum, u_int16_t bip_sum,
     struct pf_krule_slist *match_rules, struct pf_udp_mapping *udp_mapping)
@@ -5397,14 +5395,14 @@ pf_create_state(struct pf_krule *r, struct pf_krule *nr, struct pf_krule *a,
 			if ((s->src.seqdiff = pf_tcp_iss(pd) - s->src.seqlo) ==
 			    0)
 				s->src.seqdiff = 1;
-			pf_change_proto_a(m, &th->th_seq, &th->th_sum,
+			pf_change_proto_a(pd->m, &th->th_seq, &th->th_sum,
 			    htonl(s->src.seqlo + s->src.seqdiff), 0);
 			*rewrite = 1;
 		} else
 			s->src.seqdiff = 0;
 		if (th->th_flags & TH_SYN) {
 			s->src.seqhi++;
-			s->src.wscale = pf_get_wscale(m, pd);
+			s->src.wscale = pf_get_wscale(pd);
 		}
 		s->src.max_win = MAX(ntohs(th->th_win), 1);
 		if (s->src.wscale & PF_WSCALE_MASK) {
@@ -5464,12 +5462,12 @@ pf_create_state(struct pf_krule *r, struct pf_krule *nr, struct pf_krule *a,
 	}
 	if (pd->proto == IPPROTO_TCP) {
 		if (s->state_flags & PFSTATE_SCRUB_TCP &&
-		    pf_normalize_tcp_init(m, pd, th, &s->src, &s->dst)) {
+		    pf_normalize_tcp_init(pd, th, &s->src, &s->dst)) {
 			REASON_SET(&reason, PFRES_MEMORY);
 			goto csfailed;
 		}
 		if (s->state_flags & PFSTATE_SCRUB_TCP && s->src.scrub &&
-		    pf_normalize_tcp_stateful(m, pd, &reason, th, s,
+		    pf_normalize_tcp_stateful(pd, &reason, th, s,
 		    &s->src, &s->dst, rewrite)) {
 			/* This really shouldn't happen!!! */
 			DPFPRINTF(PF_DEBUG_URGENT,
@@ -5478,7 +5476,7 @@ pf_create_state(struct pf_krule *r, struct pf_krule *nr, struct pf_krule *a,
 			goto csfailed;
 		}
 	} else if (pd->proto == IPPROTO_SCTP) {
-		if (pf_normalize_sctp_init(m, pd, &s->src, &s->dst))
+		if (pf_normalize_sctp_init(pd, &s->src, &s->dst))
 			goto csfailed;
 		if (! (pd->sctp_flags & (PFDESC_SCTP_INIT | PFDESC_SCTP_ADD_IP)))
 			goto csfailed;
@@ -5491,7 +5489,7 @@ pf_create_state(struct pf_krule *r, struct pf_krule *nr, struct pf_krule *a,
 	if (nr == NULL) {
 		KASSERT((sk == NULL && nk == NULL), ("%s: nr %p sk %p, nk %p",
 		    __func__, nr, sk, nk));
-		sk = pf_state_key_setup(pd, m, pd->src, pd->dst, sport, dport);
+		sk = pf_state_key_setup(pd, pd->src, pd->dst, sport, dport);
 		if (sk == NULL)
 			goto csfailed;
 		nk = sk;
@@ -5528,12 +5526,12 @@ pf_create_state(struct pf_krule *r, struct pf_krule *nr, struct pf_krule *a,
 				*pd->proto_sum = bproto_sum;
 			if (pd->ip_sum)
 				*pd->ip_sum = bip_sum;
-			m_copyback(m, pd->off, pd->hdrlen, pd->hdr.any);
+			m_copyback(pd->m, pd->off, pd->hdrlen, pd->hdr.any);
 		}
 		s->src.seqhi = htonl(arc4random());
 		/* Find mss option */
-		int rtid = M_GETFIB(m);
-		mss = pf_get_mss(m, pd);
+		int rtid = M_GETFIB(pd->m);
+		mss = pf_get_mss(pd);
 		mss = pf_calc_mss(pd->src, pd->af, rtid, mss);
 		mss = pf_calc_mss(pd->dst, pd->af, rtid, mss);
 		s->src.mss = mss;
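Review bot: `int rtid = M_GETFIB(pd->m);` is declared in the middle of the block, after `s->src.seqhi = htonl(arc4random());`. The `/* Find mss option */` comment also sits above the FIB lookup rather than above the `pf_get_mss(pd)` call it describes. Since both lines are touched here, the declaration could move to the top of the enclosing block (which opens outside this hunk) and the comment down to directly above `mss = pf_get_mss(pd);`.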
@@ -5592,8 +5590,8 @@ drop:
 }
 
 static int
-pf_tcp_track_full(struct pf_kstate **state, struct mbuf *m,
-    struct pf_pdesc *pd, u_short *reason, int *copyback)
+pf_tcp_track_full(struct pf_kstate **state, struct pf_pdesc *pd,
+    u_short *reason, int *copyback)
 {
 	struct tcphdr		*th = &pd->hdr.tcp;
 	struct pf_state_peer	*src, *dst;
@@ -5632,7 +5630,7 @@ pf_tcp_track_full(struct pf_kstate **state, struct mbuf *m,
 
 		if (((*state)->state_flags & PFSTATE_SCRUB_TCP || dst->scrub) &&
 		    src->scrub == NULL) {
-			if (pf_normalize_tcp_init(m, pd, th, src, dst)) {
+			if (pf_normalize_tcp_init(pd, th, src, dst)) {
 				REASON_SET(reason, PFRES_MEMORY);
 				return (PF_DROP);
 			}
@@ -5644,9 +5642,9 @@ pf_tcp_track_full(struct pf_kstate **state, struct mbuf *m,
 			while ((src->seqdiff = arc4random() - seq) == 0)
 				;
 			ack = ntohl(th->th_ack) - dst->seqdiff;
-			pf_change_proto_a(m, &th->th_seq, &th->th_sum, htonl(seq +
+			pf_change_proto_a(pd->m, &th->th_seq, &th->th_sum, htonl(seq +
 			    src->seqdiff), 0);
-			pf_change_proto_a(m, &th->th_ack, &th->th_sum, htonl(ack), 0);
+			pf_change_proto_a(pd->m, &th->th_ack, &th->th_sum, htonl(ack), 0);
 			*copyback = 1;
 		} else {
 			ack = ntohl(th->th_ack);
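Review bot: The two rewritten `pf_change_proto_a(pd->m, ...)` calls are now longer still and run past 80 columns at this indent, and the first one breaks inside the `htonl(seq +` expression. Wrapping after the checksum argument, as the pf_create_state hunk above already does, reads better: `pf_change_proto_a(pd->m, &th->th_seq, &th->th_sum,` followed by `    htonl(seq + src->seqdiff), 0);`, with the `th_ack` call wrapped the same way. The identical pair in the later "Modulate sequence numbers" hunk of pf_tcp_track_full has the same problem.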
@@ -5656,7 +5654,7 @@ pf_tcp_track_full(struct pf_kstate **state, struct mbuf *m,
 		if (th->th_flags & TH_SYN) {
 			end++;
 			if (dst->wscale & PF_WSCALE_FLAG) {
-				src->wscale = pf_get_wscale(m, pd);
+				src->wscale = pf_get_wscale(pd);
 				if (src->wscale & PF_WSCALE_FLAG) {
 					/* Remove scale factor from initial
 					 * window */
@@ -5697,9 +5695,9 @@ pf_tcp_track_full(struct pf_kstate **state, struct mbuf *m,
 		ack = ntohl(th->th_ack) - dst->seqdiff;
 		if (src->seqdiff) {
 			/* Modulate sequence numbers */
-			pf_change_proto_a(m, &th->th_seq, &th->th_sum, htonl(seq +
+			pf_change_proto_a(pd->m, &th->th_seq, &th->th_sum, htonl(seq +
 			    src->seqdiff), 0);
-			pf_change_proto_a(m, &th->th_ack, &th->th_sum, htonl(ack), 0);
+			pf_change_proto_a(pd->m, &th->th_ack, &th->th_sum, htonl(ack), 0);
 			*copyback = 1;
 		}
 		end = seq + pd->p_len;
@@ -5745,7 +5743,7 @@ pf_tcp_track_full(struct pf_kstate **state, struct mbuf *m,
 	 * options anyway.
 	 */
 	if (dst->seqdiff && (th->th_off << 2) > sizeof(struct tcphdr)) {
-		if (pf_modulate_sack(m, pd, th, dst))
+		if (pf_modulate_sack(pd, th, dst))
 			*copyback = 1;
 	}
 
@@ -5763,7 +5761,7 @@ pf_tcp_track_full(struct pf_kstate **state, struct mbuf *m,
 	    /* Require an exact/+1 sequence match on resets when possible */
 
 		if (dst->scrub || src->scrub) {
-			if (pf_normalize_tcp_stateful(m, pd, reason, th,
+			if (pf_normalize_tcp_stateful(pd, reason, th,
 			    *state, src, dst, copyback))
 				return (PF_DROP);
 		}
@@ -5863,7 +5861,7 @@ pf_tcp_track_full(struct pf_kstate **state, struct mbuf *m,
 		}
 
 		if (dst->scrub || src->scrub) {
-			if (pf_normalize_tcp_stateful(m, pd, reason, th,
+			if (pf_normalize_tcp_stateful(pd, reason, th,
 			    *state, src, dst, copyback))
 				return (PF_DROP);
 		}
@@ -6112,8 +6110,8 @@ pf_synproxy(struct pf_pdesc *pd, struct pf_kstate **state, u_short *reason)
 }
 
 static int
-pf_test_state_tcp(struct pf_kstate **state, struct mbuf *m,
-    struct pf_pdesc *pd, u_short *reason)
+pf_test_state_tcp(struct pf_kstate **state, struct pf_pdesc *pd,
+    u_short *reason)
 {
 	struct pf_state_key_cmp	 key;
 	struct tcphdr		*th = &pd->hdr.tcp;
@@ -6171,7 +6169,7 @@ pf_test_state_tcp(struct pf_kstate **state, struct mbuf *m,
 		if (pf_tcp_track_sloppy(state, pd, reason) == PF_DROP)
 			return (PF_DROP);
 	} else {
-		if (pf_tcp_track_full(state, m, pd, reason,
+		if (pf_tcp_track_full(state, pd, reason,
 		    &copyback) == PF_DROP)
 			return (PF_DROP);
 	}
@@ -6182,13 +6180,13 @@ pf_test_state_tcp(struct pf_kstate **state, struct mbuf *m,
 
 		if (PF_ANEQ(pd->src, &nk->addr[pd->sidx], pd->af) ||
 		    nk->port[pd->sidx] != th->th_sport)
-			pf_change_ap(m, pd->src, &th->th_sport,
+			pf_change_ap(pd->m, pd->src, &th->th_sport,
 			    pd->ip_sum, &th->th_sum, &nk->addr[pd->sidx],
 			    nk->port[pd->sidx], 0, pd->af);
 
 		if (PF_ANEQ(pd->dst, &nk->addr[pd->didx], pd->af) ||
 		    nk->port[pd->didx] != th->th_dport)
-			pf_change_ap(m, pd->dst, &th->th_dport,
+			pf_change_ap(pd->m, pd->dst, &th->th_dport,
 			    pd->ip_sum, &th->th_sum, &nk->addr[pd->didx],
 			    nk->port[pd->didx], 0, pd->af);
 		copyback = 1;
@@ -6196,14 +6194,13 @@ pf_test_state_tcp(struct pf_kstate **state, struct mbuf *m,
 
 	/* Copyback sequence modulation or stateful scrub changes if needed */
 	if (copyback)
-		m_copyback(m, pd->off, sizeof(*th), (caddr_t)th);
+		m_copyback(pd->m, pd->off, sizeof(*th), (caddr_t)th);
 
 	return (PF_PASS);
 }
 
 static int
-pf_test_state_udp(struct pf_kstate **state, struct mbuf *m,
-    struct pf_pdesc *pd)
+pf_test_state_udp(struct pf_kstate **state, struct pf_pdesc *pd)
 {
 	struct pf_state_peer	*src, *dst;
 	struct pf_state_key_cmp	 key;
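Review bot: `m_copyback(pd->m, pd->off, sizeof(*th), (caddr_t)th)` now trusts that `pd->m` is still the head of the chain that `pd->off` was computed against, and nothing in the visible lines states or asserts that. With the explicit `m` argument gone, a path that replaces or frees the mbuf without refreshing `pd->m` would turn this into a write to a stale chain. Where `pd->m` is assigned is outside this hunk, so this may already be guaranteed. A comment on the struct member such as `/* current packet; update whenever the chain head changes */` and a `KASSERT(pd->m != NULL, ("%s: no mbuf", __func__));` at the top of pf_test_state_tcp() would make the contract checkable. The same applies to the pf_test_state_udp() copyback in the next hunk.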
@@ -6258,24 +6255,24 @@ pf_test_state_udp(struct pf_kstate **state, struct mbuf *m,
 
 		if (PF_ANEQ(pd->src, &nk->addr[pd->sidx], pd->af) ||
 		    nk->port[pd->sidx] != uh->uh_sport)
-			pf_change_ap(m, pd->src, &uh->uh_sport, pd->ip_sum,
+			pf_change_ap(pd->m, pd->src, &uh->uh_sport, pd->ip_sum,
 			    &uh->uh_sum, &nk->addr[pd->sidx],
 			    nk->port[pd->sidx], 1, pd->af);
 
 		if (PF_ANEQ(pd->dst, &nk->addr[pd->didx], pd->af) ||
 		    nk->port[pd->didx] != uh->uh_dport)
-			pf_change_ap(m, pd->dst, &uh->uh_dport, pd->ip_sum,
+			pf_change_ap(pd->m, pd->dst, &uh->uh_dport, pd->ip_sum,
 			    &uh->uh_sum, &nk->addr[pd->didx],
 			    nk->port[pd->didx], 1, pd->af);
-		m_copyback(m, pd->off, sizeof(*uh), (caddr_t)uh);
+		m_copyback(pd->m, pd->off, sizeof(*uh), (caddr_t)uh);
 	}
 
 	return (PF_PASS);
 }
 
 static int
-pf_test_state_sctp(struct pf_kstate **state, struct mbuf *m,
-    struct pf_pdesc *pd, u_short *reason)
+pf_test_state_sctp(struct pf_kstate **state, struct pf_pdesc *pd,
+    u_short *reason)
 {
 	struct pf_state_key_cmp	 key;
 	struct pf_state_peer	*src, *dst;
*** 1556 LINES SKIPPED ***