Module Name: src Committed By: martin Date: Tue Mar 14 17:11:13 UTC 2023
Modified Files: src/sys/net/npf [netbsd-9]: npf.h npf_mbuf.c npf_sendpkt.c Log Message: Pull up following revision(s) (requested by kardel in ticket #119): sys/net/npf/npf_mbuf.c: revision 1.25 sys/net/npf/npf.h: revision 1.64 sys/net/npf/npf_sendpkt.c: revision 1.23 PR kern/56052: allow block-return packets passed through without rule matching. Included up-stream as https://github.com/rmind/npf/pull/115 To generate a diff of this commit: cvs rdiff -u -r1.60.2.3 -r1.60.2.4 src/sys/net/npf/npf.h cvs rdiff -u -r1.22.4.1 -r1.22.4.2 src/sys/net/npf/npf_mbuf.c cvs rdiff -u -r1.21.4.1 -r1.21.4.2 src/sys/net/npf/npf_sendpkt.c Please note that diffs are not public domain; they are subject to the copyright notices on the relevant files.
Modified files:
Index: src/sys/net/npf/npf.h
diff -u src/sys/net/npf/npf.h:1.60.2.3 src/sys/net/npf/npf.h:1.60.2.4
--- src/sys/net/npf/npf.h:1.60.2.3 Sat Jun 20 15:46:47 2020
+++ src/sys/net/npf/npf.h Tue Mar 14 17:11:13 2023
@@ -122,6 +122,7 @@ void * nbuf_ensure_writable(nbuf_t *, s
 bool nbuf_cksum_barrier(nbuf_t *, int);
 int nbuf_add_tag(nbuf_t *, uint32_t);
+int npf_mbuf_add_tag(nbuf_t *, struct mbuf *, uint32_t);
 int nbuf_find_tag(nbuf_t *, uint32_t *);
 /*
Index: src/sys/net/npf/npf_mbuf.c
diff -u src/sys/net/npf/npf_mbuf.c:1.22.4.1 src/sys/net/npf/npf_mbuf.c:1.22.4.2
--- src/sys/net/npf/npf_mbuf.c:1.22.4.1 Sat Jun 20 15:46:47 2020
+++ src/sys/net/npf/npf_mbuf.c Tue Mar 14 17:11:13 2023
@@ -36,7 +36,7 @@
 #ifdef _KERNEL
 #include <sys/cdefs.h>
-__KERNEL_RCSID(0, "$NetBSD: npf_mbuf.c,v 1.22.4.1 2020/06/20 15:46:47 martin Exp $");
+__KERNEL_RCSID(0, "$NetBSD: npf_mbuf.c,v 1.22.4.2 2023/03/14 17:11:13 martin Exp $");
 #include <sys/param.h>
 #include <sys/mbuf.h>
@@ -297,14 +297,13 @@ nbuf_cksum_barrier(nbuf_t *nbuf, int di)
 }
 /*
- * nbuf_add_tag: associate a tag with the network buffer.
+ * npf_mbuf_add_tag: associate a tag with the network buffer.
 *
 * => Returns 0 on success or error number on failure.
 */
 int
-nbuf_add_tag(nbuf_t *nbuf, uint32_t val)
+npf_mbuf_add_tag(nbuf_t *nbuf, struct mbuf *m, uint32_t val)
 {
- struct mbuf *m = nbuf->nb_mbuf0;
 #ifdef _KERNEL
 struct m_tag *mt;
 uint32_t *dat;
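Review bot: The header comment above `npf_mbuf_add_tag()` in the `@@ -297,14 +297,13 @@` hunk was only renamed and does not say what the new `struct mbuf *m` argument is for or how it relates to `nbuf`. The removed line `struct mbuf *m = nbuf->nb_mbuf0;` shows the tag used to go on the nbuf's own first mbuf, so the comment should state that it now goes on the caller-supplied mbuf, for example `* => The tag is attached to 'm', which may be an mbuf other than nbuf->nb_mbuf0.` This matters because the helper is used in npf_sendpkt.c to set NPF_NTAG_PASS, and a reader needs to know which packet ends up exempt from rule matching. The function body continues past the end of this hunk, so what `nbuf` is still used for there is not visible here.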
@@ -328,6 +327,18 @@ nbuf_add_tag(nbuf_t *nbuf, uint32_t val)
 }
 /*
+ * nbuf_add_tag: associate a tag with the network buffer.
+ *
+ * => Returns 0 on success or error number on failure.
+ */
+int
+nbuf_add_tag(nbuf_t *nbuf, uint32_t val)
+{
+ struct mbuf *m = nbuf->nb_mbuf0;
+ return npf_mbuf_add_tag(nbuf, m, val);
+}
+
+/*
 * nbuf_find_tag: find a tag associated with a network buffer.
 *
 * => Returns 0 on success or error number on failure.
Index: src/sys/net/npf/npf_sendpkt.c
diff -u src/sys/net/npf/npf_sendpkt.c:1.21.4.1 src/sys/net/npf/npf_sendpkt.c:1.21.4.2
--- src/sys/net/npf/npf_sendpkt.c:1.21.4.1 Sat Jun 20 15:46:47 2020
+++ src/sys/net/npf/npf_sendpkt.c Tue Mar 14 17:11:13 2023
@@ -33,7 +33,7 @@
 #ifdef _KERNEL
 #include <sys/cdefs.h>
-__KERNEL_RCSID(0, "$NetBSD: npf_sendpkt.c,v 1.21.4.1 2020/06/20 15:46:47 martin Exp $");
+__KERNEL_RCSID(0, "$NetBSD: npf_sendpkt.c,v 1.21.4.2 2023/03/14 17:11:13 martin Exp $");
 #include <sys/param.h>
 #include <sys/types.h>
@@ -197,6 +197,9 @@ npf_return_tcp(npf_cache_t *npc)
 }
 }
+ /* don't look at our generated reject packets going out */
+ (void)npf_mbuf_add_tag(npc->npc_nbuf, m, NPF_NTAG_PASS);
+
 /* Pass to IP layer. */
 if (npf_iscached(npc, NPC_IP4)) {
 return ip_output(m, NULL, NULL, IP_FORWARDING, NULL, NULL);
@@ -215,6 +218,9 @@ npf_return_icmp(const npf_cache_t *npc)
 {
 struct mbuf *m = nbuf_head_mbuf(npc->npc_nbuf);
+ /* don't look at our generated reject packets going out */
+ (void)nbuf_add_tag(npc->npc_nbuf, NPF_NTAG_PASS);
+
 if (npf_iscached(npc, NPC_IP4)) {
 icmp_error(m, ICMP_UNREACH, ICMP_UNREACH_ADMIN_PROHIBIT, 0, 0);
 return 0;
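Review bot: The result of `npf_mbuf_add_tag()` is cast to void in the npf_return_tcp() hunk, and the npf_return_icmp() hunk does the same with `nbuf_add_tag()`, so a failed tag allocation is silent. In that case the generated reply presumably goes back through the ruleset and can be dropped, which is the behaviour PR kern/56052 describes; that fails closed, but nothing records it. I would state this at the call site, for example `/* Best effort: without the tag the reply is filtered like any other outbound packet. */`, or report a non-zero return through whatever logging or statistics the file already uses. npf_return_tcp() starts and ends outside this hunk.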
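Review bot: In npf_return_icmp() the NPF_NTAG_PASS tag is added to `npc->npc_nbuf`, that is, to the packet being rejected, before `icmp_error()` is called; unlike in npf_return_tcp(), no mbuf of a generated reply is tagged here. Whether the tag reaches the ICMP error that `icmp_error()` builds depends on how that function treats tags on `m`, which this diff does not show. The comment should state that dependency rather than repeat the TCP wording, for example `/* tag the offending packet; relies on icmp_error() carrying the tag over to the reply */`. It is also worth confirming that the rejected packet itself cannot continue anywhere with the pass tag set, since the tag marks a packet the ruleset just blocked as exempt from inspection. The function continues past the end of this hunk.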