Module Name: src Committed By: martin Date: Sat Mar 17 11:26:44 UTC 2018
Modified Files: src/sys/net [netbsd-8]: if_tun.c Log Message: Pull up following revision(s) (requested by tih in ticket #638): sys/net/if_tun.c: revision 1.143 Add packet filtering to tun(4) interfaces. Calls to pfil_run_hooks() were missing in if_tun.c. This meant that filtering configuration could be added to e.g. /etc/npf.conf, but would be ignored, because the filter never saw the packets. This change adds the required calls. While here, correct the return value from tun_output(): it's been returning 0 regardless of any error condition present, but will now correctly propagate such information upward. Thanks to maxv for guidance! OK: christos, martin To generate a diff of this commit: cvs rdiff -u -r1.139.2.2 -r1.139.2.3 src/sys/net/if_tun.c Please note that diffs are not public domain; they are subject to the copyright notices on the relevant files.
Modified files: Index: src/sys/net/if_tun.c diff -u src/sys/net/if_tun.c:1.139.2.2 src/sys/net/if_tun.c:1.139.2.3 --- src/sys/net/if_tun.c:1.139.2.2 Tue Jan 2 10:20:33 2018 +++ src/sys/net/if_tun.c Sat Mar 17 11:26:44 2018 @@ -1,4 +1,4 @@ -/* $NetBSD: if_tun.c,v 1.139.2.2 2018/01/02 10:20:33 snj Exp $ */ +/* $NetBSD: if_tun.c,v 1.139.2.3 2018/03/17 11:26:44 martin Exp $ */ /* * Copyright (c) 1988, Julian Onions <j...@cs.nott.ac.uk> @@ -19,7 +19,7 @@ */ #include <sys/cdefs.h> -__KERNEL_RCSID(0, "$NetBSD: if_tun.c,v 1.139.2.2 2018/01/02 10:20:33 snj Exp $"); +__KERNEL_RCSID(0, "$NetBSD: if_tun.c,v 1.139.2.3 2018/03/17 11:26:44 martin Exp $"); #ifdef _KERNEL_OPT #include "opt_inet.h" @@ -555,6 +555,11 @@ tun_output(struct ifnet *ifp, struct mbu bpf_mtap_af(ifp, dst->sa_family, m0); + if ((error = pfil_run_hooks(ifp->if_pfil, &m0, ifp, PFIL_OUT)) != 0) + goto out; + if (m0 == NULL) + goto out; + switch(dst->sa_family) { #ifdef INET6 case AF_INET6: @@ -624,10 +629,10 @@ tun_output(struct ifnet *ifp, struct mbu mutex_exit(&tp->tun_lock); out: - if (error && m0) { + if (error && m0) m_freem(m0); - } - return 0; + + return error; } static void @@ -941,6 +946,11 @@ tunwrite(dev_t dev, struct uio *uio, int bpf_mtap_af(ifp, dst.sa_family, top); + if ((error = pfil_run_hooks(ifp->if_pfil, &top, ifp, PFIL_IN)) != 0) + goto out0; + if (top == NULL) + goto out0; + mutex_enter(&tp->tun_lock); if ((tp->tun_flags & TUN_INITED) == 0) { /* Interface was destroyed */
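Review bot: The `if (m0 == NULL) goto out;` check added after pfil_run_hooks() in tun_output() (hunk at -555) has no comment saying that a filter hook may consume or drop the packet. On that path `error` is still 0, so the `out:` code in the -624 hunk frees nothing and returns success. A one-line comment above the check would record that intent, for example `/* a hook consumed or dropped the packet: nothing left to send, error stays 0 */`. The same kind of comment fits the `if (top == NULL) goto out0;` check added in tunwrite() (hunk at -941). tun_output() starts and ends outside this hunk.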
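Review bot: With `return error;` replacing `return 0;` at the end of tun_output() (hunk at -624), any path that reaches `out:` or falls through `mutex_exit()` without assigning `error` now returns an indeterminate value to the caller. The declaration and most of the assignments are outside the hunk, so this cannot be confirmed from here; the pfil path added at -555 does assign it. If the declaration is a bare `int error;`, changing it to `int error = 0;` would make the success case hold by construction.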
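Review bot: The error branch added in tunwrite() (hunk at -941) jumps to `out0` without freeing `top`, whereas tun_output()'s `out:` label in the -624 hunk does `if (error && m0) m_freem(m0);`. The `out0` label is outside the hunk, as is the rule for whether a hook may return non-zero with the chain still attached. If neither the hooks nor `out0` free it, each rejected write to the device leaks an mbuf chain. Mirroring the output path would close that gap: add `if (top != NULL) m_freem(top);` before the first `goto out0;`, with braces around the two statements. tunwrite() starts and ends outside this hunk.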