Attachment #132068 for bug #176268




			    const struct pf_addr *, const struct pf_addr *,
			    u_int16_t, u_int16_t, u_int32_t, u_int32_t,
			    u_int8_t, u_int16_t, u_int16_t, u_int8_t, int,
			    u_int16_t, struct ether_header *, struct ifnet *,
				struct route *route_to_ro);
static void		 pf_send_icmp(struct mbuf *, u_int8_t, u_int8_t,
			    sa_family_t, struct pf_rule *);
void			 pf_detach_state(struct pf_state *);

		    cur->key[PF_SK_WIRE]->port[1],
		    cur->key[PF_SK_WIRE]->port[0],
		    cur->src.seqhi, cur->src.seqlo + 1,
		    TH_RST|TH_ACK, 0, 0, 0, 1, cur->tag, NULL, NULL, NULL);
	}
#ifdef __FreeBSD__
	RB_REMOVE(pf_state_tree_id, &V_tree_id, cur);

    const struct pf_addr *saddr, const struct pf_addr *daddr,
    u_int16_t sport, u_int16_t dport, u_int32_t seq, u_int32_t ack,
    u_int8_t flags, u_int16_t win, u_int16_t mss, u_int8_t ttl, int tag,
    u_int16_t rtag, struct ether_header *eh, struct ifnet *ifp, struct route *route_to_ro)
{
	struct mbuf	*m;
	int		 len, tlen;

		if (eh == NULL) {
#ifdef __FreeBSD__
		PF_UNLOCK();
		ip_output(m, (void *)NULL, route_to_ro, 0,
		    (void *)NULL, (void *)NULL);
		PF_LOCK();
#else /* ! __FreeBSD__ */
			ip_output(m, (void *)NULL, route_to_ro, 0,
			    (void *)NULL, (void *)NULL);
#endif
		} else {

#endif
				    pd->src, th->th_dport, th->th_sport,
				    ntohl(th->th_ack), ack, TH_RST|TH_ACK, 0, 0,
				    r->return_ttl, 1, 0, pd->eh, kif->pfik_ifp, NULL);
			}
		} else if (pd->proto != IPPROTO_ICMP && af == AF_INET &&
		    r->return_icmp)

		pf_send_tcp(r, pd->af, pd->dst, pd->src, th->th_dport,
#endif
		    th->th_sport, s->src.seqhi, ntohl(th->th_seq) + 1,
		    TH_SYN|TH_ACK, 0, s->src.mss, 0, 1, 0, NULL, NULL, NULL);
		REASON_SET(&reason, PFRES_SYNPROXY);
		return (PF_SYNPROXY_DROP);
	}

				    th->th_sport, ntohl(th->th_ack), 0,
				    TH_RST, 0, 0,
				    (*state)->rule.ptr->return_ttl, 1, 0,
				    pd->eh, kif->pfik_ifp, NULL);
			src->seqlo = 0;
			src->seqhi = 1;
			src->max_win = 1;

	struct pf_state_peer	*src, *dst;
	struct pf_state_key	*sk;

	/* A route information is required for route-to and synproxy state combination. */
	struct route        route_to_ro;
	struct rtentry      route_to_rt;
	struct sockaddr_in  route_to_gw;
	struct route       *route_to_ro0 = NULL;

	key.af = pd->af;
	key.proto = IPPROTO_TCP;
	if (direction == PF_IN)	{	/* wire side, straight */

			    pd->src, th->th_dport, th->th_sport,
			    (*state)->src.seqhi, ntohl(th->th_seq) + 1,
			    TH_SYN|TH_ACK, 0, (*state)->src.mss, 0, 1,
			    0, NULL, NULL, NULL);
			REASON_SET(reason, PFRES_SYNPROXY);
			return (PF_SYNPROXY_DROP);
		} else if (!(th->th_flags & TH_ACK) ||

			(*state)->src.state = PF_TCPS_PROXY_DST;
	}
	if ((*state)->src.state == PF_TCPS_PROXY_DST) {
		/* When running a combination of route-to and synproxy state,
		   the SYN packet going to route-to target must use the target interface
		   and gateway stored in connection state instead of standard route table lookup */ 
		if ( (*state)->rt_kif ) {
			/* Assign gateway interface and flags */
			route_to_rt.rt_flags = RTF_UP|RTF_HOST|RTF_GATEWAY;
			route_to_rt.rt_ifp = (*state)->rt_kif->pfik_ifp;
			route_to_rt.rt_ifa = (*state)->rt_kif->pfik_ifp->if_addr;
			route_to_rt.rt_rmx.rmx_mtu = (*state)->rt_kif->pfik_ifp->if_mtu;
			
			/* Assign gateway address. */
			route_to_gw.sin_family = AF_INET;
			route_to_gw.sin_len = sizeof(struct sockaddr_in);
			route_to_gw.sin_addr = (*state)->rt_addr.v4;
			
			/* Assign destination address. */
			((struct sockaddr_in*)&route_to_ro.ro_dst)->sin_family = AF_INET;
			((struct sockaddr_in*)&route_to_ro.ro_dst)->sin_len = sizeof(struct sockaddr_in);
			((struct sockaddr_in*)&route_to_ro.ro_dst)->sin_addr = sk->addr[pd->didx].v4;

			/* Glue things together */
			route_to_ro.ro_lle = NULL;
			route_to_rt.rt_gateway = (struct sockaddr*)&route_to_gw;
			route_to_ro.ro_rt = &route_to_rt;
			route_to_ro0 = &route_to_ro;
		}

		if (direction == (*state)->direction) {
			if (((th->th_flags & (TH_SYN|TH_ACK)) != TH_ACK) ||
			    (ntohl(th->th_ack) != (*state)->src.seqhi + 1) ||

			    &sk->addr[pd->sidx], &sk->addr[pd->didx],
			    sk->port[pd->sidx], sk->port[pd->didx],
			    (*state)->dst.seqhi, 0, TH_SYN, 0,
			    (*state)->src.mss, 0, 0, (*state)->tag, NULL, NULL, route_to_ro0);
			REASON_SET(reason, PFRES_SYNPROXY);
			return (PF_SYNPROXY_DROP);
		} else if (((th->th_flags & (TH_SYN|TH_ACK)) !=

			    pd->src, th->th_dport, th->th_sport,
			    ntohl(th->th_ack), ntohl(th->th_seq) + 1,
			    TH_ACK, (*state)->src.max_win, 0, 0, 0,
			    (*state)->tag, NULL, NULL, NULL);
#ifdef __FreeBSD__
			pf_send_tcp(NULL, (*state)->rule.ptr, pd->af,
#else

			    sk->port[pd->sidx], sk->port[pd->didx],
			    (*state)->src.seqhi + 1, (*state)->src.seqlo + 1,
			    TH_ACK, (*state)->dst.max_win, 0, 0, 1,
			    0, NULL, NULL, route_to_ro0);
			(*state)->src.seqdiff = (*state)->dst.seqhi -
			    (*state)->src.seqlo;
			(*state)->dst.seqdiff = (*state)->src.seqhi -

Return to bug 176268

Lines 261-267 Link Here

(-)sys/contrib/pf/net/pf.c (-12 / +46 lines)
261	const struct pf_addr , const struct pf_addr ,	261	const struct pf_addr , const struct pf_addr ,
262	u_int16_t, u_int16_t, u_int32_t, u_int32_t,	262	u_int16_t, u_int16_t, u_int32_t, u_int32_t,
263	u_int8_t, u_int16_t, u_int16_t, u_int8_t, int,	263	u_int8_t, u_int16_t, u_int16_t, u_int8_t, int,
264	u_int16_t, struct ether_header , struct ifnet );	264	u_int16_t, struct ether_header , struct ifnet ,
		265	struct route *route_to_ro);
265	static void pf_send_icmp(struct mbuf *, u_int8_t, u_int8_t,	266	static void pf_send_icmp(struct mbuf *, u_int8_t, u_int8_t,
266	sa_family_t, struct pf_rule *);	267	sa_family_t, struct pf_rule *);
267	void pf_detach_state(struct pf_state *);	268	void pf_detach_state(struct pf_state *);
Lines 1570-1576 Link Here
1570	cur->key[PF_SK_WIRE]->port[1],	1571	cur->key[PF_SK_WIRE]->port[1],
1571	cur->key[PF_SK_WIRE]->port[0],	1572	cur->key[PF_SK_WIRE]->port[0],
1572	cur->src.seqhi, cur->src.seqlo + 1,	1573	cur->src.seqhi, cur->src.seqlo + 1,
1573	TH_RST\|TH_ACK, 0, 0, 0, 1, cur->tag, NULL, NULL);	1574	TH_RST\|TH_ACK, 0, 0, 0, 1, cur->tag, NULL, NULL, NULL);
1574	}	1575	}
1575	#ifdef __FreeBSD__	1576	#ifdef __FreeBSD__
1576	RB_REMOVE(pf_state_tree_id, &V_tree_id, cur);	1577	RB_REMOVE(pf_state_tree_id, &V_tree_id, cur);
Lines 2265-2271 Link Here
2265	const struct pf_addr saddr, const struct pf_addr daddr,	2266	const struct pf_addr saddr, const struct pf_addr daddr,
2266	u_int16_t sport, u_int16_t dport, u_int32_t seq, u_int32_t ack,	2267	u_int16_t sport, u_int16_t dport, u_int32_t seq, u_int32_t ack,
2267	u_int8_t flags, u_int16_t win, u_int16_t mss, u_int8_t ttl, int tag,	2268	u_int8_t flags, u_int16_t win, u_int16_t mss, u_int8_t ttl, int tag,
2268	u_int16_t rtag, struct ether_header eh, struct ifnet ifp)	2269	u_int16_t rtag, struct ether_header eh, struct ifnet ifp, struct route *route_to_ro)
2269	{	2270	{
2270	struct mbuf *m;	2271	struct mbuf *m;
2271	int len, tlen;	2272	int len, tlen;
Lines 2442-2452 Link Here
2442	if (eh == NULL) {	2443	if (eh == NULL) {
2443	#ifdef __FreeBSD__	2444	#ifdef __FreeBSD__
2444	PF_UNLOCK();	2445	PF_UNLOCK();
2445	ip_output(m, (void )NULL, (void )NULL, 0,	2446	ip_output(m, (void *)NULL, route_to_ro, 0,
2446	(void )NULL, (void )NULL);	2447	(void )NULL, (void )NULL);
2447	PF_LOCK();	2448	PF_LOCK();
2448	#else /* ! __FreeBSD__ */	2449	#else /* ! __FreeBSD__ */
2449	ip_output(m, (void )NULL, (void )NULL, 0,	2450	ip_output(m, (void *)NULL, route_to_ro, 0,
2450	(void )NULL, (void )NULL);	2451	(void )NULL, (void )NULL);
2451	#endif	2452	#endif
2452	} else {	2453	} else {
Lines 3681-3687 Link Here
3681	#endif	3682	#endif
3682	pd->src, th->th_dport, th->th_sport,	3683	pd->src, th->th_dport, th->th_sport,
3683	ntohl(th->th_ack), ack, TH_RST\|TH_ACK, 0, 0,	3684	ntohl(th->th_ack), ack, TH_RST\|TH_ACK, 0, 0,
3684	r->return_ttl, 1, 0, pd->eh, kif->pfik_ifp);	3685	r->return_ttl, 1, 0, pd->eh, kif->pfik_ifp, NULL);
3685	}	3686	}
3686	} else if (pd->proto != IPPROTO_ICMP && af == AF_INET &&	3687	} else if (pd->proto != IPPROTO_ICMP && af == AF_INET &&
3687	r->return_icmp)	3688	r->return_icmp)
Lines 3990-3996 Link Here
3990	pf_send_tcp(r, pd->af, pd->dst, pd->src, th->th_dport,	3991	pf_send_tcp(r, pd->af, pd->dst, pd->src, th->th_dport,
3991	#endif	3992	#endif
3992	th->th_sport, s->src.seqhi, ntohl(th->th_seq) + 1,	3993	th->th_sport, s->src.seqhi, ntohl(th->th_seq) + 1,
3993	TH_SYN\|TH_ACK, 0, s->src.mss, 0, 1, 0, NULL, NULL);	3994	TH_SYN\|TH_ACK, 0, s->src.mss, 0, 1, 0, NULL, NULL, NULL);
3994	REASON_SET(&reason, PFRES_SYNPROXY);	3995	REASON_SET(&reason, PFRES_SYNPROXY);
3995	return (PF_SYNPROXY_DROP);	3996	return (PF_SYNPROXY_DROP);
3996	}	3997	}
Lines 4445-4451 Link Here
4445	th->th_sport, ntohl(th->th_ack), 0,	4446	th->th_sport, ntohl(th->th_ack), 0,
4446	TH_RST, 0, 0,	4447	TH_RST, 0, 0,
4447	(*state)->rule.ptr->return_ttl, 1, 0,	4448	(*state)->rule.ptr->return_ttl, 1, 0,
4448	pd->eh, kif->pfik_ifp);	4449	pd->eh, kif->pfik_ifp, NULL);
4449	src->seqlo = 0;	4450	src->seqlo = 0;
4450	src->seqhi = 1;	4451	src->seqhi = 1;
4451	src->max_win = 1;	4452	src->max_win = 1;
Lines 4566-4571 Link Here
4566	struct pf_state_peer src, dst;	4567	struct pf_state_peer src, dst;
4567	struct pf_state_key *sk;	4568	struct pf_state_key *sk;
4568		4569
		4570	/* A route information is required for route-to and synproxy state combination. */
		4571	struct route route_to_ro;
		4572	struct rtentry route_to_rt;
		4573	struct sockaddr_in route_to_gw;
		4574	struct route *route_to_ro0 = NULL;
		4575
4569	key.af = pd->af;	4576	key.af = pd->af;
4570	key.proto = IPPROTO_TCP;	4577	key.proto = IPPROTO_TCP;
4571	if (direction == PF_IN) { /* wire side, straight */	4578	if (direction == PF_IN) { /* wire side, straight */
Lines 4614-4620 Link Here
4614	pd->src, th->th_dport, th->th_sport,	4621	pd->src, th->th_dport, th->th_sport,
4615	(*state)->src.seqhi, ntohl(th->th_seq) + 1,	4622	(*state)->src.seqhi, ntohl(th->th_seq) + 1,
4616	TH_SYN\|TH_ACK, 0, (*state)->src.mss, 0, 1,	4623	TH_SYN\|TH_ACK, 0, (*state)->src.mss, 0, 1,
4617	0, NULL, NULL);	4624	0, NULL, NULL, NULL);
4618	REASON_SET(reason, PFRES_SYNPROXY);	4625	REASON_SET(reason, PFRES_SYNPROXY);
4619	return (PF_SYNPROXY_DROP);	4626	return (PF_SYNPROXY_DROP);
4620	} else if (!(th->th_flags & TH_ACK) \|\|	4627	} else if (!(th->th_flags & TH_ACK) \|\|
Lines 4630-4635 Link Here
4630	(*state)->src.state = PF_TCPS_PROXY_DST;	4637	(*state)->src.state = PF_TCPS_PROXY_DST;
4631	}	4638	}
4632	if ((*state)->src.state == PF_TCPS_PROXY_DST) {	4639	if ((*state)->src.state == PF_TCPS_PROXY_DST) {
		4640	/* When running a combination of route-to and synproxy state,
		4641	the SYN packet going to route-to target must use the target interface
		4642	and gateway stored in connection state instead of standard route table lookup */
		4643	if ( (*state)->rt_kif ) {
		4644	/* Assign gateway interface and flags */
		4645	route_to_rt.rt_flags = RTF_UP\|RTF_HOST\|RTF_GATEWAY;
		4646	route_to_rt.rt_ifp = (*state)->rt_kif->pfik_ifp;
		4647	route_to_rt.rt_ifa = (*state)->rt_kif->pfik_ifp->if_addr;
		4648	route_to_rt.rt_rmx.rmx_mtu = (*state)->rt_kif->pfik_ifp->if_mtu;
		4649
		4650	/* Assign gateway address. */
		4651	route_to_gw.sin_family = AF_INET;
		4652	route_to_gw.sin_len = sizeof(struct sockaddr_in);
		4653	route_to_gw.sin_addr = (*state)->rt_addr.v4;
		4654
		4655	/* Assign destination address. */
		4656	((struct sockaddr_in*)&route_to_ro.ro_dst)->sin_family = AF_INET;
		4657	((struct sockaddr_in*)&route_to_ro.ro_dst)->sin_len = sizeof(struct sockaddr_in);
		4658	((struct sockaddr_in*)&route_to_ro.ro_dst)->sin_addr = sk->addr[pd->didx].v4;
		4659
		4660	/* Glue things together */
		4661	route_to_ro.ro_lle = NULL;
		4662	route_to_rt.rt_gateway = (struct sockaddr*)&route_to_gw;
		4663	route_to_ro.ro_rt = &route_to_rt;
		4664	route_to_ro0 = &route_to_ro;
		4665	}
		4666
4633	if (direction == (*state)->direction) {	4667	if (direction == (*state)->direction) {
4634	if (((th->th_flags & (TH_SYN\|TH_ACK)) != TH_ACK) \|\|	4668	if (((th->th_flags & (TH_SYN\|TH_ACK)) != TH_ACK) \|\|
4635	(ntohl(th->th_ack) != (*state)->src.seqhi + 1) \|\|	4669	(ntohl(th->th_ack) != (*state)->src.seqhi + 1) \|\|
Lines 4648-4654 Link Here
4648	&sk->addr[pd->sidx], &sk->addr[pd->didx],	4682	&sk->addr[pd->sidx], &sk->addr[pd->didx],
4649	sk->port[pd->sidx], sk->port[pd->didx],	4683	sk->port[pd->sidx], sk->port[pd->didx],
4650	(*state)->dst.seqhi, 0, TH_SYN, 0,	4684	(*state)->dst.seqhi, 0, TH_SYN, 0,
4651	(state)->src.mss, 0, 0, (state)->tag, NULL, NULL);	4685	(state)->src.mss, 0, 0, (state)->tag, NULL, NULL, route_to_ro0);
4652	REASON_SET(reason, PFRES_SYNPROXY);	4686	REASON_SET(reason, PFRES_SYNPROXY);
4653	return (PF_SYNPROXY_DROP);	4687	return (PF_SYNPROXY_DROP);
4654	} else if (((th->th_flags & (TH_SYN\|TH_ACK)) !=	4688	} else if (((th->th_flags & (TH_SYN\|TH_ACK)) !=
Lines 4667-4673 Link Here
4667	pd->src, th->th_dport, th->th_sport,	4701	pd->src, th->th_dport, th->th_sport,
4668	ntohl(th->th_ack), ntohl(th->th_seq) + 1,	4702	ntohl(th->th_ack), ntohl(th->th_seq) + 1,
4669	TH_ACK, (*state)->src.max_win, 0, 0, 0,	4703	TH_ACK, (*state)->src.max_win, 0, 0, 0,
4670	(*state)->tag, NULL, NULL);	4704	(*state)->tag, NULL, NULL, NULL);
4671	#ifdef __FreeBSD__	4705	#ifdef __FreeBSD__
4672	pf_send_tcp(NULL, (*state)->rule.ptr, pd->af,	4706	pf_send_tcp(NULL, (*state)->rule.ptr, pd->af,
4673	#else	4707	#else
Lines 4677-4683 Link Here
4677	sk->port[pd->sidx], sk->port[pd->didx],	4711	sk->port[pd->sidx], sk->port[pd->didx],
4678	(state)->src.seqhi + 1, (state)->src.seqlo + 1,	4712	(state)->src.seqhi + 1, (state)->src.seqlo + 1,
4679	TH_ACK, (*state)->dst.max_win, 0, 0, 1,	4713	TH_ACK, (*state)->dst.max_win, 0, 0, 1,
4680	0, NULL, NULL);	4714	0, NULL, NULL, route_to_ro0);
4681	(state)->src.seqdiff = (state)->dst.seqhi -	4715	(state)->src.seqdiff = (state)->dst.seqhi -
4682	(*state)->src.seqlo;	4716	(*state)->src.seqlo;
4683	(state)->dst.seqdiff = (state)->src.seqhi -	4717	(state)->dst.seqdiff = (state)->src.seqhi -