FreeBSD Bugzilla – Attachment 198460 Details for
Bug 232522
if_ipsec and pf doesn't work
[patch]
Superfluous addition of pfile hooks in if_ipsec.c
if_ipsec.diff (text/plain), 2.53 KB, created by
Peter Blok
on 2018-10-22 09:46:29 UTC
Description:
Superfluous addition of pfile hooks in if_ipsec.c
Creator:
Peter Blok
Created:
2018-10-22 09:46:29 UTC
Size:
2.53 KB
>*** sys/net/if_ipsec.c.orig Sat Oct 20 13:30:38 2018
>--- sys/net/if_ipsec.c Thu Oct 18 22:17:40 2018
>***************
>*** 50,75 ****
>--- 50,80 ----
> #include <sys/proc.h>
> #include <sys/conf.h>
>
> #include <net/if.h>
> #include <net/if_var.h>
> #include <net/if_clone.h>
> #include <net/if_types.h>
> #include <net/bpf.h>
>+ #include <net/pfil.h>
> #include <net/route.h>
> #include <net/vnet.h>
>
>+ #if defined(INET) || defined(INET6)
> #include <netinet/in.h>
> #include <netinet/in_var.h>
> #include <netinet/ip.h>
>+ #include <netinet/ip_var.h>
>
> #include <netinet/ip6.h>
>+ #include <netinet6/ip6_var.h>
> #include <netinet6/in6_var.h>
> #include <netinet6/scope6_var.h>
>+ #endif
>
> #include <netipsec/ipsec.h>
> #ifdef INET6
> #include <netipsec/ipsec6.h>
> #endif
>
> #include <net/if_ipsec.h>
> #include <netipsec/key.h>
>***************
>*** 340,360 ****
>--- 345,379 ----
>
> BPF_MTAP2(ifp, &af, sizeof(af), m);
> if_inc_counter(ifp, IFCOUNTER_OPACKETS, 1);
> if_inc_counter(ifp, IFCOUNTER_OBYTES, m->m_pkthdr.len);
>
> switch (af) {
> #ifdef INET
> case AF_INET:
>+ if (PFIL_HOOKED(&V_inet_pfil_hook)) {
>+ if (pfil_run_hooks(&V_inet_pfil_hook, &m, ifp, PFIL_OUT, 0, NULL)) {
>+ error = EACCES;
>+ m_freem(m);
>+ break;
>+ }
>+ }
> error = ipsec4_process_packet(m, sp, NULL);
> break;
> #endif
> #ifdef INET6
> case AF_INET6:
>+ if (PFIL_HOOKED(&V_inet6_pfil_hook)) {
>+ if (pfil_run_hooks(&V_inet6_pfil_hook, &m, ifp, PFIL_OUT, 0, NULL)) {
>+ error = EACCES;
>+ m_freem(m);
>+ break;
>+ }
>+ }
> error = ipsec6_process_packet(m, sp, NULL);
> break;
> #endif
> default:
> panic("%s: unknown address family\n", __func__);
> }
> err:
> if (error != 0)
>***************
>*** 432,447 ****
>--- 451,484 ----
> * Set its ifnet as receiving interface.
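Review bot: Both added output-path blocks (`case AF_INET` and `case AF_INET6`) treat a zero return from `pfil_run_hooks()` as proof that the packet is still there, but the call takes `&m`, so a hook can consume the packet and leave `m` NULL while returning 0; `ipsec4_process_packet(m, sp, NULL)` or `ipsec6_process_packet(m, sp, NULL)` would then receive a NULL mbuf in kernel context. Callers in the IP stack typically test both conditions, along the lines of `if (pfil_run_hooks(...) != 0 || m == NULL)`, and the same check is missing in the PFIL_IN blocks of the last hunk, where `m->m_pkthdr.len` is read right after the hooks. The `m_freem(m)` on the non-zero path also needs confirming against the pfil ownership contract: if the rejecting hook has already freed the packet, this is at best a no-op on NULL and at worst a second free. The enclosing function starts and ends outside the hunk.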
> */
> m->m_pkthdr.rcvif = ifp;
> IPSEC_SC_RUNLOCK();
>
> m_clrprotoflags(m);
> M_SETFIB(m, ifp->if_fib);
> BPF_MTAP2(ifp, &af, sizeof(af), m);
>+
>+ #ifdef INET
>+ if (AF_INET == af && PFIL_HOOKED(&V_inet_pfil_hook)) {
>+ if (pfil_run_hooks(&V_inet_pfil_hook, &m, ifp, PFIL_IN, 0, NULL)) {
>+ m_freem(m);
>+ return (EACCES);
>+ }
>+ }
>+ #endif
>+ #ifdef INET6
>+ if (AF_INET6 == af && PFIL_HOOKED(&V_inet6_pfil_hook)) {
>+ if (pfil_run_hooks(&V_inet6_pfil_hook, &m, ifp, PFIL_IN, 0, NULL)) {
>+ m_freem(m);
>+ return (EACCES);
>+ }
>+ }
>+ #endif
>+
> if_inc_counter(ifp, IFCOUNTER_IPACKETS, 1);
> if_inc_counter(ifp, IFCOUNTER_IBYTES, m->m_pkthdr.len);
> if ((ifp->if_flags & IFF_MONITOR) != 0) {
> m_freem(m);
> return (ENETDOWN);
> }
> return (0);
> }
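Review bot: The PFIL_IN hooks are handed `&m`, so a filter may give back a different mbuf than the one this function was called with, yet the function still ends in `return (0)` and nothing visible in the hunk passes the new pointer back to the caller. The signature is outside the hunk; if `m` is a by-value parameter, the caller would carry on with a stale and possibly freed pointer whenever the filter reallocates the chain, so either the hooks belong where the caller's pointer can be updated or the interface needs a `struct mbuf **`. Separately, `BPF_MTAP2` runs before the hooks, so packets the firewall rejects are still delivered to taps on the interface; if that ordering is intended, a comment such as `/* tap before pfil: bpf sees packets the filter may drop */` would record it.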