pf ouraddr in ip6_input

2016-07-18 Thread Alexander Bluhm 
Hi,

The IPv4 ip_input() uses a shortcut if the pf state key is linked
to a socket inp.  Let's do the same thing for IPv6.

ok?

bluhm

Index: netinet6/ip6_input.c
===
RCS file: /cvs/src/sys/netinet6/ip6_input.c,v
retrieving revision 1.164
diff -u -p -r1.164 ip6_input.c
--- netinet6/ip6_input.c18 Jul 2016 19:50:49 -  1.164
+++ netinet6/ip6_input.c18 Jul 2016 20:00:24 -
@@ -375,7 +375,7 @@ ip6_input(struct mbuf *m)
goto hbhcheck;
}
 
-   if (m->m_pkthdr.pf.flags & PF_TAG_DIVERTED) {
+   if (pf_ouraddr(m) == 1) {
ours = 1;
goto hbhcheck;
}

Re: pf ouraddr

2016-07-18 Thread Alexandr Nedvedicky 
Hello,

it looks good to me.

OK sasha

On Mon, Jul 18, 2016 at 10:51:44AM +0200, Alexander Bluhm wrote:
> Hi,
> 
> To hide pf internals move code from in_ouraddr() to pf_ouraddr().
> This will also make it possible to implement the same shortcut for
> IPv6.
> 
> ok?
> 
> bluhm
>

pf ouraddr

2016-07-18 Thread Alexander Bluhm 
Hi,

To hide pf internals move code from in_ouraddr() to pf_ouraddr().
This will also make it possible to implement the same shortcut for
IPv6.

ok?

bluhm

Index: net/pf.c
===
RCS file: /data/mirror/openbsd/cvs/src/sys/net/pf.c,v
retrieving revision 1.978
diff -u -p -r1.978 pf.c
--- net/pf.c21 Jun 2016 16:45:37 -  1.978
+++ net/pf.c18 Jul 2016 08:30:49 -
@@ -6761,6 +6761,27 @@ pf_cksum(struct pf_pdesc *pd, struct mbu
}
 }
 
+int
+pf_ouraddr(struct mbuf *m)
+{
+   struct pf_state_key *sk;
+
+   if (m->m_pkthdr.pf.flags & PF_TAG_DIVERTED)
+   return (1);
+
+   sk = m->m_pkthdr.pf.statekey;
+   if (sk != NULL) {
+   if (sk->inp != NULL)
+   return (1);
+
+   /* If we have linked state keys it is certainly forwarded. */
+   if (sk->reverse != NULL)
+   return (0);
+   }
+
+   return (-1);
+}
+
 /*
  * must be called whenever any addressing information such as
  * address, port, protocol has changed
Index: net/pfvar.h
===
RCS file: /data/mirror/openbsd/cvs/src/sys/net/pfvar.h,v
retrieving revision 1.431
diff -u -p -r1.431 pfvar.h
--- net/pfvar.h 29 Mar 2016 10:34:42 -  1.431
+++ net/pfvar.h 18 Jul 2016 08:30:49 -
@@ -1763,6 +1763,7 @@ int   pf_rtlabel_match(struct pf_addr *, s
int);
 intpf_socket_lookup(struct pf_pdesc *);
 struct pf_state_key *pf_alloc_state_key(int);
+intpf_ouraddr(struct mbuf *);
 void   pf_pkt_addr_changed(struct mbuf *);
 struct inpcb *pf_inp_lookup(struct mbuf *);
 void   pf_inp_link(struct mbuf *, struct inpcb *);
Index: netinet/ip_input.c
===
RCS file: /data/mirror/openbsd/cvs/src/sys/netinet/ip_input.c,v
retrieving revision 1.277
diff -u -p -r1.277 ip_input.c
--- netinet/ip_input.c  18 Jun 2016 10:36:13 -  1.277
+++ netinet/ip_input.c  18 Jul 2016 08:30:49 -
@@ -592,20 +592,16 @@ in_ouraddr(struct mbuf *m, struct ifnet 
struct ip   *ip;
struct sockaddr_in   sin;
int  match = 0;
-#if NPF > 0
-   struct pf_state_key *key;
 
-   if (m->m_pkthdr.pf.flags & PF_TAG_DIVERTED)
+#if NPF > 0
+   switch (pf_ouraddr(m)) {
+   case 0:
+   return (0);
+   case 1:
return (1);
-
-   key = m->m_pkthdr.pf.statekey;
-   if (key != NULL) {
-   if (key->inp != NULL)
-   return (1);
-
-   /* If we have linked state keys it is certainly forwarded. */
-   if (key->reverse != NULL)
-   return (0);
+   default:
+   /* pf does not know it */
+   break;
}
 #endif