svn commit: r237788 - projects/pf/head/sys/contrib/pf/net

Fri Jun 29 15:24:43 UTC 2012

Author: glebius
Date: Fri Jun 29 15:24:42 2012
New Revision: 237788
URL: http://svn.freebsd.org/changeset/base/237788

Log:
  As Robert suggested provide mbuf to pf_socket_lookup() and utilize
  in_pcblookup_mbuf()/in6_pcblookup_mbuf().

Modified:
  projects/pf/head/sys/contrib/pf/net/if_pflog.c
  projects/pf/head/sys/contrib/pf/net/pf.c
  projects/pf/head/sys/contrib/pf/net/pfvar.h

Modified: projects/pf/head/sys/contrib/pf/net/if_pflog.c
==============================================================================

--- projects/pf/head/sys/contrib/pf/net/if_pflog.c	Fri Jun 29 15:21:34 2012	(r237787)
+++ projects/pf/head/sys/contrib/pf/net/if_pflog.c	Fri Jun 29 15:24:42 2012	(r237788)
@@ -234,7 +234,7 @@ pflog_packet(struct pfi_kif *kif, struct
 	 * These conditions are very very rare, however.
 	 */
 	if (rm->log & PF_LOG_SOCKET_LOOKUP && !pd->lookup.done && lookupsafe)
-		pd->lookup.done = pf_socket_lookup(dir, pd);
+		pd->lookup.done = pf_socket_lookup(dir, pd, m);
 	if (pd->lookup.done > 0)
 		hdr.uid = pd->lookup.uid;
 	else

Modified: projects/pf/head/sys/contrib/pf/net/pf.c
==============================================================================
--- projects/pf/head/sys/contrib/pf/net/pf.c	Fri Jun 29 15:21:34 2012	(r237787)
+++ projects/pf/head/sys/contrib/pf/net/pf.c	Fri Jun 29 15:24:42 2012	(r237788)
@@ -2644,7 +2644,7 @@ pf_addr_inc(struct pf_addr *addr, sa_fam
 #endif /* INET6 */
 
 int
-pf_socket_lookup(int direction, struct pf_pdesc *pd)
+pf_socket_lookup(int direction, struct pf_pdesc *pd, struct mbuf *m)
 {
 	struct pf_addr		*saddr, *daddr;
 	u_int16_t		 sport, dport;
@@ -2687,16 +2687,12 @@ pf_socket_lookup(int direction, struct p
 	switch (pd->af) {
 #ifdef INET
 	case AF_INET:
-		/*
-		 * XXXRW: would be nice if we had an mbuf here so that we
-		 * could use in_pcblookup_mbuf().
-		 */
-		inp = in_pcblookup(pi, saddr->v4, sport, daddr->v4,
-			dport, INPLOOKUP_RLOCKPCB, NULL);
+		inp = in_pcblookup_mbuf(pi, saddr->v4, sport, daddr->v4,
+		    dport, INPLOOKUP_RLOCKPCB, NULL, m);
 		if (inp == NULL) {
-			inp = in_pcblookup(pi, saddr->v4, sport,
+			inp = in_pcblookup_mbuf(pi, saddr->v4, sport,
 			   daddr->v4, dport, INPLOOKUP_WILDCARD |
-			   INPLOOKUP_RLOCKPCB, NULL);
+			   INPLOOKUP_RLOCKPCB, NULL, m);
 			if (inp == NULL)
 				return (-1);
 		}
@@ -2704,16 +2700,12 @@ pf_socket_lookup(int direction, struct p
 #endif /* INET */
 #ifdef INET6
 	case AF_INET6:
-		/*
-		 * XXXRW: would be nice if we had an mbuf here so that we
-		 * could use in6_pcblookup_mbuf().
-		 */
-		inp = in6_pcblookup(pi, &saddr->v6, sport,
-			&daddr->v6, dport, INPLOOKUP_RLOCKPCB, NULL);
+		inp = in6_pcblookup_mbuf(pi, &saddr->v6, sport, &daddr->v6,
+		    dport, INPLOOKUP_RLOCKPCB, NULL, m);
 		if (inp == NULL) {
-			inp = in6_pcblookup(pi, &saddr->v6, sport,
+			inp = in6_pcblookup_mbuf(pi, &saddr->v6, sport,
 			    &daddr->v6, dport, INPLOOKUP_WILDCARD |
-			    INPLOOKUP_RLOCKPCB, NULL);
+			    INPLOOKUP_RLOCKPCB, NULL, m);
 			if (inp == NULL)
 				return (-1);
 		}
@@ -3170,13 +3162,13 @@ pf_test_rule(struct pf_rule **rm, struct
 			r = TAILQ_NEXT(r, entries);
 		/* tcp/udp only. uid.op always 0 in other cases */
 		else if (r->uid.op && (pd->lookup.done || (pd->lookup.done =
-		    pf_socket_lookup(direction, pd), 1)) &&
+		    pf_socket_lookup(direction, pd, m), 1)) &&
 		    !pf_match_uid(r->uid.op, r->uid.uid[0], r->uid.uid[1],
 		    pd->lookup.uid))
 			r = TAILQ_NEXT(r, entries);
 		/* tcp/udp only. gid.op always 0 in other cases */
 		else if (r->gid.op && (pd->lookup.done || (pd->lookup.done =
-		    pf_socket_lookup(direction, pd), 1)) &&
+		    pf_socket_lookup(direction, pd, m), 1)) &&
 		    !pf_match_gid(r->gid.op, r->gid.gid[0], r->gid.gid[1],
 		    pd->lookup.gid))
 			r = TAILQ_NEXT(r, entries);

Modified: projects/pf/head/sys/contrib/pf/net/pfvar.h
==============================================================================
--- projects/pf/head/sys/contrib/pf/net/pfvar.h	Fri Jun 29 15:21:34 2012	(r237787)
+++ projects/pf/head/sys/contrib/pf/net/pfvar.h	Fri Jun 29 15:24:42 2012	(r237788)
@@ -1841,7 +1841,7 @@ u_int32_t
 void	pf_purge_expired_fragments(void);
 int	pf_routable(struct pf_addr *addr, sa_family_t af, struct pfi_kif *,
 	    int);
-int	pf_socket_lookup(int, struct pf_pdesc *);   
+int	pf_socket_lookup(int, struct pf_pdesc *, struct mbuf *);
 struct pf_state_key *pf_alloc_state_key(int);
 void	pfr_initialize(void);
 void	pfr_cleanup(void);
