The branch main has been updated by glebius: URL: https://cgit.FreeBSD.org/src/commit/?id=a22561501ff807b227305617ea2fb46072ce8b06
commit a22561501ff807b227305617ea2fb46072ce8b06 Author: Gleb Smirnoff <[email protected]> AuthorDate: 2023-02-14 18:02:49 +0000 Commit: Gleb Smirnoff <[email protected]> CommitDate: 2023-02-14 18:02:49 +0000 net: use pfil_mbuf_{in,out} where we always have an mbuf This finalizes what has been started in 0b70e3e78b0. Reviewed by: kp, mjg Differential revision: https://reviews.freebsd.org/D37976 --- sys/dev/virtio/network/if_vtnet.c | 6 +----- sys/net/if_bridge.c | 32 +++++++++++++++++++------------- sys/net/if_enc.c | 8 ++++++-- sys/net/if_ethersubr.c | 5 ++--- sys/netinet/ip_output.c | 3 +-- 5 files changed, 29 insertions(+), 25 deletions(-) diff --git a/sys/dev/virtio/network/if_vtnet.c b/sys/dev/virtio/network/if_vtnet.c index 505a62b01b4e..41eaa6a56086 100644 --- a/sys/dev/virtio/network/if_vtnet.c +++ b/sys/dev/virtio/network/if_vtnet.c @@ -2137,12 +2137,8 @@ vtnet_rxq_eof(struct vtnet_rxq *rxq) if (PFIL_HOOKED_IN(sc->vtnet_pfil)) { pfil_return_t pfil; - pfil = pfil_run_hooks(sc->vtnet_pfil, &m, ifp, PFIL_IN, - NULL); + pfil = pfil_mbuf_in(sc->vtnet_pfil, &m, ifp, NULL); switch (pfil) { - case PFIL_REALLOCED: - m = pfil_mem2mbuf(m->m_data); - break; case PFIL_DROPPED: case PFIL_CONSUMED: continue; diff --git a/sys/net/if_bridge.c b/sys/net/if_bridge.c index 5a4954e84869..9f99434dd4e0 100644 --- a/sys/net/if_bridge.c +++ b/sys/net/if_bridge.c @@ -3365,7 +3365,7 @@ bridge_pfil(struct mbuf **mp, struct ifnet *bifp, struct ifnet *ifp, int dir) /* Run the packet through pfil before stripping link headers */ if (PFIL_HOOKED_OUT(V_link_pfil_head) && V_pfil_ipfw != 0 && dir == PFIL_OUT && ifp != NULL) { - switch (pfil_run_hooks(V_link_pfil_head, mp, ifp, dir, NULL)) { + switch (pfil_mbuf_out(V_link_pfil_head, mp, ifp, NULL)) { case PFIL_DROPPED: return (EACCES); case PFIL_CONSUMED: @@ -3419,17 +3419,20 @@ bridge_pfil(struct mbuf **mp, struct ifnet *bifp, struct ifnet *ifp, int dir) * in_if -> bridge_if -> out_if */ if (V_pfil_bridge && dir == PFIL_OUT && bifp != NULL && (rv = - pfil_run_hooks(V_inet_pfil_head, mp, bifp, dir, NULL)) != + pfil_mbuf_out(V_inet_pfil_head, mp, bifp, NULL)) != PFIL_PASS) break; - if (V_pfil_member && ifp != NULL && (rv = - pfil_run_hooks(V_inet_pfil_head, mp, ifp, dir, NULL)) != - PFIL_PASS) - break; + if (V_pfil_member && ifp != NULL) { + rv = (dir == PFIL_OUT) ? + pfil_mbuf_out(V_inet_pfil_head, mp, ifp, NULL) : + pfil_mbuf_in(V_inet_pfil_head, mp, ifp, NULL); + if (rv != PFIL_PASS) + break; + } if (V_pfil_bridge && dir == PFIL_IN && bifp != NULL && (rv = - pfil_run_hooks(V_inet_pfil_head, mp, bifp, dir, NULL)) != + pfil_mbuf_in(V_inet_pfil_head, mp, bifp, NULL)) != PFIL_PASS) break; @@ -3467,17 +3470,20 @@ bridge_pfil(struct mbuf **mp, struct ifnet *bifp, struct ifnet *ifp, int dir) #ifdef INET6 case ETHERTYPE_IPV6: if (V_pfil_bridge && dir == PFIL_OUT && bifp != NULL && (rv = - pfil_run_hooks(V_inet6_pfil_head, mp, bifp, dir, NULL)) != + pfil_mbuf_out(V_inet6_pfil_head, mp, bifp, NULL)) != PFIL_PASS) break; - if (V_pfil_member && ifp != NULL && (rv = - pfil_run_hooks(V_inet6_pfil_head, mp, ifp, dir, NULL)) != - PFIL_PASS) - break; + if (V_pfil_member && ifp != NULL) { + rv = (dir == PFIL_OUT) ? + pfil_mbuf_out(V_inet6_pfil_head, mp, ifp, NULL) : + pfil_mbuf_in(V_inet6_pfil_head, mp, ifp, NULL); + if (rv != PFIL_PASS) + break; + } if (V_pfil_bridge && dir == PFIL_IN && bifp != NULL && (rv = - pfil_run_hooks(V_inet6_pfil_head, mp, bifp, dir, NULL)) != + pfil_mbuf_in(V_inet6_pfil_head, mp, bifp, NULL)) != PFIL_PASS) break; break; diff --git a/sys/net/if_enc.c b/sys/net/if_enc.c index da6ce7a1a815..b5ea1c68692c 100644 --- a/sys/net/if_enc.c +++ b/sys/net/if_enc.c @@ -247,7 +247,7 @@ enc_hhook(int32_t hhook_type, int32_t hhook_id, void *udata, void *ctx_data, struct enc_softc *sc; struct ifnet *ifp, *rcvif; struct pfil_head *ph; - int pdir; + int pdir, ret; sc = (struct enc_softc *)udata; ifp = sc->sc_ifp; @@ -307,7 +307,11 @@ enc_hhook(int32_t hhook_type, int32_t hhook_id, void *udata, void *ctx_data, /* Make a packet looks like it was received on enc(4) */ rcvif = (*ctx->mp)->m_pkthdr.rcvif; (*ctx->mp)->m_pkthdr.rcvif = ifp; - if (pfil_run_hooks(ph, ctx->mp, ifp, pdir, ctx->inp) != PFIL_PASS) { + if (pdir == PFIL_IN) + ret = pfil_mbuf_in(ph, ctx->mp, ifp, ctx->inp); + else + ret = pfil_mbuf_out(ph, ctx->mp, ifp, ctx->inp); + if (ret != PFIL_PASS) { *ctx->mp = NULL; /* consumed by filter */ return (EACCES); } diff --git a/sys/net/if_ethersubr.c b/sys/net/if_ethersubr.c index 8bc66497e161..34ff4ac22e7f 100644 --- a/sys/net/if_ethersubr.c +++ b/sys/net/if_ethersubr.c @@ -474,8 +474,7 @@ ether_output_frame(struct ifnet *ifp, struct mbuf *m) return (0); if (PFIL_HOOKED_OUT(V_link_pfil_head)) - switch (pfil_run_hooks(V_link_pfil_head, &m, ifp, PFIL_OUT, - NULL)) { + switch (pfil_mbuf_out(V_link_pfil_head, &m, ifp, NULL)) { case PFIL_DROPPED: return (EACCES); case PFIL_CONSUMED: @@ -853,7 +852,7 @@ ether_demux(struct ifnet *ifp, struct mbuf *m) /* Do not grab PROMISC frames in case we are re-entered. */ if (PFIL_HOOKED_IN(V_link_pfil_head) && !(m->m_flags & M_PROMISC)) { - i = pfil_run_hooks(V_link_pfil_head, &m, ifp, PFIL_IN, NULL); + i = pfil_mbuf_in(V_link_pfil_head, &m, ifp, NULL); if (i != 0 || m == NULL) return; } diff --git a/sys/netinet/ip_output.c b/sys/netinet/ip_output.c index 739138a6f791..e62935b247da 100644 --- a/sys/netinet/ip_output.c +++ b/sys/netinet/ip_output.c @@ -116,14 +116,13 @@ ip_output_pfil(struct mbuf **mp, struct ifnet *ifp, int flags, struct mbuf *m; struct in_addr odst; struct ip *ip; - int pflags = PFIL_OUT; m = *mp; ip = mtod(m, struct ip *); /* Run through list of hooks for output packets. */ odst.s_addr = ip->ip_dst.s_addr; - switch (pfil_run_hooks(V_inet_pfil_head, mp, ifp, pflags, inp)) { + switch (pfil_mbuf_out(V_inet_pfil_head, mp, ifp, inp)) { case PFIL_DROPPED: *error = EACCES; /* FALLTHROUGH */
