git: fb827e006cec - stable/12 - ipfw: add IPv6 support for sockarg opcode.

Andrey V. Elsukov ae at FreeBSD.org
Tue Mar 9 08:54:01 UTC 2021 

The branch stable/12 has been updated by ae:

URL: https://cgit.FreeBSD.org/src/commit/?id=fb827e006cec095cbbec1811c9fb27722e76c6f6

commit fb827e006cec095cbbec1811c9fb27722e76c6f6
Author:     Andrey V. Elsukov <ae at FreeBSD.org>
AuthorDate: 2021-03-02 09:45:59 +0000
Commit:     Andrey V. Elsukov <ae at FreeBSD.org>
CommitDate: 2021-03-09 08:52:19 +0000

    ipfw: add IPv6 support for sockarg opcode.
    
    Sponsored by:   Yandex LLC
    
    (cherry picked from commit a9f7eba9597189c0e438f6986067d31dca1c53b0)
---
 sys/netpfil/ipfw/ip_fw2.c | 44 ++++++++++++++++++++++++++------------------
 1 file changed, 26 insertions(+), 18 deletions(-)

diff --git a/sys/netpfil/ipfw/ip_fw2.c b/sys/netpfil/ipfw/ip_fw2.c
index f639a3bfabbd..9d60b446dc73 100644
--- a/sys/netpfil/ipfw/ip_fw2.c
+++ b/sys/netpfil/ipfw/ip_fw2.c
@@ -2587,9 +2587,7 @@ do {						\
 #ifndef USERSPACE	/* not supported in userspace */
 				struct inpcb *inp = args->inp;
 				struct inpcbinfo *pi;
-				
-				if (is_ipv6) /* XXX can we remove this ? */
-					break;
+				bool inp_locked = false;
 
 				if (proto == IPPROTO_TCP)
 					pi = &V_tcbinfo;
@@ -2605,27 +2603,37 @@ do {						\
 				 * certainly be inp_user_cookie?
 				 */
 
-				/* For incoming packet, lookup up the 
-				inpcb using the src/dest ip/port tuple */
-				if (inp == NULL) {
-					inp = in_pcblookup(pi, 
-						src_ip, htons(src_port),
-						dst_ip, htons(dst_port),
-						INPLOOKUP_RLOCKPCB, NULL);
-					if (inp != NULL) {
-						tablearg =
-						    inp->inp_socket->so_user_cookie;
-						if (tablearg)
-							match = 1;
-						INP_RUNLOCK(inp);
-					}
-				} else {
+				/*
+				 * For incoming packet lookup the inpcb
+				 * using the src/dest ip/port tuple.
+				 */
+				if (is_ipv4 && inp == NULL) {
+					inp = in_pcblookup(pi,
+					    src_ip, htons(src_port),
+					    dst_ip, htons(dst_port),
+					    INPLOOKUP_RLOCKPCB, NULL);
+					inp_locked = true;
+				}
+#ifdef INET6
+				if (is_ipv6 && inp == NULL) {
+					inp = in6_pcblookup(pi,
+					    &args->f_id.src_ip6,
+					    htons(src_port),
+					    &args->f_id.dst_ip6,
+					    htons(dst_port),
+					    INPLOOKUP_RLOCKPCB, NULL);
+					inp_locked = true;
+				}
+#endif /* INET6 */
+				if (inp != NULL) {
 					if (inp->inp_socket) {
 						tablearg =
 						    inp->inp_socket->so_user_cookie;
 						if (tablearg)
 							match = 1;
 					}
+					if (inp_locked)
+						INP_RUNLOCK(inp);
 				}
 #endif /* !USERSPACE */
 				break;

More information about the dev-commits-src-all mailing list