View | Details | Raw Unified | Return to bug 183997 | Differences between
and this patch

Collapse All | Expand All

(-)pf.c (-28 / +13 lines)
Lines 266-273 static u_int16_t pf_get_mss(struct mbuf *, int, u Link Here
266
			    sa_family_t);
266
			    sa_family_t);
267
static u_int16_t	 pf_calc_mss(struct pf_addr *, sa_family_t,
267
static u_int16_t	 pf_calc_mss(struct pf_addr *, sa_family_t,
268
				int, u_int16_t);
268
				int, u_int16_t);
269
static void		 pf_set_rt_ifp(struct pf_state *,
270
			    struct pf_addr *);
271
static int		 pf_check_proto_cksum(struct mbuf *, int, int,
269
static int		 pf_check_proto_cksum(struct mbuf *, int, int,
272
			    u_int8_t, sa_family_t);
270
			    u_int8_t, sa_family_t);
273
static void		 pf_print_state_parts(struct pf_state *,
271
static void		 pf_print_state_parts(struct pf_state *,
Lines 2954-2984 pf_calc_mss(struct pf_addr *addr, sa_family_t af, Link Here
2954
	return (mss);
2952
	return (mss);
2955
}
2953
}
2956
2954
2957
static void
2958
pf_set_rt_ifp(struct pf_state *s, struct pf_addr *saddr)
2959
{
2960
	struct pf_rule *r = s->rule.ptr;
2961
	struct pf_src_node *sn = NULL;
2962
2963
	s->rt_kif = NULL;
2964
	if (!r->rt || r->rt == PF_FASTROUTE)
2965
		return;
2966
	switch (s->key[PF_SK_WIRE]->af) {
2967
#ifdef INET
2968
	case AF_INET:
2969
		pf_map_addr(AF_INET, r, saddr, &s->rt_addr, NULL, &sn);
2970
		s->rt_kif = r->rpool.cur->kif;
2971
		break;
2972
#endif /* INET */
2973
#ifdef INET6
2974
	case AF_INET6:
2975
		pf_map_addr(AF_INET6, r, saddr, &s->rt_addr, NULL, &sn);
2976
		s->rt_kif = r->rpool.cur->kif;
2977
		break;
2978
#endif /* INET6 */
2979
	}
2980
}
2981
2982
static u_int32_t
2955
static u_int32_t
2983
pf_tcp_iss(struct pf_pdesc *pd)
2956
pf_tcp_iss(struct pf_pdesc *pd)
2984
{
2957
{
Lines 3541-3546 pf_create_state(struct pf_rule *r, struct pf_rule Link Here
3541
		s->timeout = PFTM_OTHER_FIRST_PACKET;
3514
		s->timeout = PFTM_OTHER_FIRST_PACKET;
3542
	}
3515
	}
3543
3516
3517
	if (r->rt && r->rt != PF_FASTROUTE) {
3518
		struct pf_src_node *sn = NULL;
3519
3520
		if (pf_map_addr(pd->af, r, pd->src, &s->rt_addr, NULL, &sn)) {
3521
			REASON_SET(&reason, PFRES_MAPFAILED);
3522
			pf_src_tree_remove_state(s);
3523
			STATE_DEC_COUNTERS(s);
3524
			uma_zfree(V_pf_state_z, s);
3525
			goto csfailed;
3526
		}
3527
		s->rt_kif = r->rpool.cur->kif;
3528
	}
3529
3544
	s->creation = time_uptime;
3530
	s->creation = time_uptime;
3545
	s->expire = time_uptime;
3531
	s->expire = time_uptime;
3546
3532
Lines 3606-3612 pf_create_state(struct pf_rule *r, struct pf_rule Link Here
3606
	} else
3592
	} else
3607
		*sm = s;
3593
		*sm = s;
3608
3594
3609
	pf_set_rt_ifp(s, pd->src);	/* needs s->state_key set */
3610
	if (tag > 0)
3595
	if (tag > 0)
3611
		s->tag = tag;
3596
		s->tag = tag;
3612
	if (pd->proto == IPPROTO_TCP && (th->th_flags & (TH_SYN|TH_ACK)) ==
3597
	if (pd->proto == IPPROTO_TCP && (th->th_flags & (TH_SYN|TH_ACK)) ==
(-)pf.h (-1 / +3 lines)
Lines 124-130 enum { PF_ADDR_ADDRMASK, PF_ADDR_NOROUTE, PF_ADDR_ Link Here
124
#define PFRES_MAXSTATES	12		/* State limit */
124
#define PFRES_MAXSTATES	12		/* State limit */
125
#define PFRES_SRCLIMIT	13		/* Source node/conn limit */
125
#define PFRES_SRCLIMIT	13		/* Source node/conn limit */
126
#define PFRES_SYNPROXY	14		/* SYN proxy */
126
#define PFRES_SYNPROXY	14		/* SYN proxy */
127
#define PFRES_MAX	15		/* total+1 */
127
#define PFRES_MAPFAILED	15		/* pa_map_addr() failed */
128
#define PFRES_MAX	16		/* total+1 */
128
129
129
#define PFRES_NAMES { \
130
#define PFRES_NAMES { \
130
	"match", \
131
	"match", \
Lines 142-147 enum { PF_ADDR_ADDRMASK, PF_ADDR_NOROUTE, PF_ADDR_ Link Here
142
	"state-limit", \
143
	"state-limit", \
143
	"src-limit", \
144
	"src-limit", \
144
	"synproxy", \
145
	"synproxy", \
146
	"map-failed", \
145
	NULL \
147
	NULL \
146
}
148
}
147
149

Return to bug 183997