CVS commit: src/sys/net/npf

Frank Kardel Sun, 12 Feb 2023 05:38:45 -0800

Module Name:    src
Committed By:   kardel
Date:           Sun Feb 12 13:38:37 UTC 2023


Modified Files:
        src/sys/net/npf: npf.h npf_mbuf.c npf_sendpkt.c

Log Message:
PR kern/56052:
allow block-return packets passed through without rule matching.
Included up-stream as https://github.com/rmind/npf/pull/115


To generate a diff of this commit:
cvs rdiff -u -r1.63 -r1.64 src/sys/net/npf/npf.h
cvs rdiff -u -r1.24 -r1.25 src/sys/net/npf/npf_mbuf.c
cvs rdiff -u -r1.22 -r1.23 src/sys/net/npf/npf_sendpkt.c

Please note that diffs are not public domain; they are subject to the
copyright notices on the relevant files.

Modified files:

Index: src/sys/net/npf/npf.h
diff -u src/sys/net/npf/npf.h:1.63 src/sys/net/npf/npf.h:1.64
--- src/sys/net/npf/npf.h:1.63	Sat May 30 14:16:56 2020
+++ src/sys/net/npf/npf.h	Sun Feb 12 13:38:37 2023
@@ -122,6 +122,7 @@ void *		nbuf_ensure_writable(nbuf_t *, s
 
 bool		nbuf_cksum_barrier(nbuf_t *, int);
 int		nbuf_add_tag(nbuf_t *, uint32_t);
+int		npf_mbuf_add_tag(nbuf_t *, struct mbuf *, uint32_t);
 int		nbuf_find_tag(nbuf_t *, uint32_t *);
 
 /*

Index: src/sys/net/npf/npf_mbuf.c
diff -u src/sys/net/npf/npf_mbuf.c:1.24 src/sys/net/npf/npf_mbuf.c:1.25
--- src/sys/net/npf/npf_mbuf.c:1.24	Sat May 30 14:16:56 2020
+++ src/sys/net/npf/npf_mbuf.c	Sun Feb 12 13:38:37 2023
@@ -36,7 +36,7 @@
 
 #ifdef _KERNEL
 #include <sys/cdefs.h>
-__KERNEL_RCSID(0, "$NetBSD: npf_mbuf.c,v 1.24 2020/05/30 14:16:56 rmind Exp $");
+__KERNEL_RCSID(0, "$NetBSD: npf_mbuf.c,v 1.25 2023/02/12 13:38:37 kardel Exp $");
 
 #include <sys/param.h>
 #include <sys/mbuf.h>
@@ -297,14 +297,13 @@ nbuf_cksum_barrier(nbuf_t *nbuf, int di)
 }
 
 /*
- * nbuf_add_tag: associate a tag with the network buffer.
+ * npf_mbuf_add_tag: associate a tag with the network buffer.
  *
  * => Returns 0 on success or error number on failure.
  */
 int
-nbuf_add_tag(nbuf_t *nbuf, uint32_t val)
+npf_mbuf_add_tag(nbuf_t *nbuf, struct mbuf *m, uint32_t val)
 {
-	struct mbuf *m = nbuf->nb_mbuf0;
 #ifdef _KERNEL
 	struct m_tag *mt;
 	uint32_t *dat;
@@ -328,6 +327,18 @@ nbuf_add_tag(nbuf_t *nbuf, uint32_t val)
 }
 
 /*
+ * nbuf_add_tag: associate a tag with the network buffer.
+ *
+ * => Returns 0 on success or error number on failure.
+ */
+int
+nbuf_add_tag(nbuf_t *nbuf, uint32_t val)
+{
+	struct mbuf *m = nbuf->nb_mbuf0;
+	return npf_mbuf_add_tag(nbuf, m, val);
+}
+
+/*
  * nbuf_find_tag: find a tag associated with a network buffer.
  *
  * => Returns 0 on success or error number on failure.

Index: src/sys/net/npf/npf_sendpkt.c
diff -u src/sys/net/npf/npf_sendpkt.c:1.22 src/sys/net/npf/npf_sendpkt.c:1.23
--- src/sys/net/npf/npf_sendpkt.c:1.22	Sat May 30 14:16:56 2020
+++ src/sys/net/npf/npf_sendpkt.c	Sun Feb 12 13:38:37 2023
@@ -33,7 +33,7 @@
 
 #ifdef _KERNEL
 #include <sys/cdefs.h>
-__KERNEL_RCSID(0, "$NetBSD: npf_sendpkt.c,v 1.22 2020/05/30 14:16:56 rmind Exp $");
+__KERNEL_RCSID(0, "$NetBSD: npf_sendpkt.c,v 1.23 2023/02/12 13:38:37 kardel Exp $");
 
 #include <sys/param.h>
 #include <sys/types.h>
@@ -197,6 +197,9 @@ npf_return_tcp(npf_cache_t *npc)
 		}
 	}
 
+	/* don't look at our generated reject packets going out */
+	(void)npf_mbuf_add_tag(npc->npc_nbuf, m, NPF_NTAG_PASS);
+
 	/* Pass to IP layer. */
 	if (npf_iscached(npc, NPC_IP4)) {
 		return ip_output(m, NULL, NULL, IP_FORWARDING, NULL, NULL);
@@ -215,6 +218,9 @@ npf_return_icmp(const npf_cache_t *npc)
 {
 	struct mbuf *m = nbuf_head_mbuf(npc->npc_nbuf);
 
+	/* don't look at our generated reject packets going out */
+	(void)nbuf_add_tag(npc->npc_nbuf, NPF_NTAG_PASS);
+
 	if (npf_iscached(npc, NPC_IP4)) {
 		icmp_error(m, ICMP_UNREACH, ICMP_UNREACH_ADMIN_PROHIBIT, 0, 0);
 		return 0;

CVS commit: src/sys/net/npf

Reply via email to