upstream/opnsense-src
1
0
Fork 0
mirror of https://github.com/opnsense/src.git synced 2026-06-05 06:42:56 -04:00
Code Issues Projects Releases Packages Wiki Activity Actions

pf: simplify pf_patch* arguments

Browse source 
Pass struct pf_pdesc rather than separate arguments.

Sponsored by:	Rubicon Communications, LLC ("Netgate")
This commit is contained in:
Kristof Provost 2025-04-16 12:17:45 +02:00
parent f09ee340d2
commit 911d74bcbd
3 changed files with 27 additions and 39 deletions
Show stats Download patch file Download diff file Expand all files Collapse all files

6
sys/net/pfvar.h
View file

@ -2453,10 +2453,8 @@ void pf_change_a(void *, u_int16_t *, u_int32_t, u_int8_t);
void pf_change_proto_a(struct mbuf *, void *, u_int16_t *, u_int32_t,
u_int8_t);
void pf_change_tcp_a(struct mbuf *, void *, u_int16_t *, u_int32_t);
void pf_patch_16_unaligned(struct mbuf *, u_int16_t *, void *, u_int16_t,
bool, u_int8_t);
void pf_patch_32_unaligned(struct mbuf *, u_int16_t *, void *, u_int32_t,
bool, u_int8_t);
void pf_patch_16_unaligned(struct pf_pdesc *, void *, u_int16_t, bool);
void pf_patch_32_unaligned(struct pf_pdesc *, void *, u_int32_t, bool);
void pf_send_deferred_syn(struct pf_kstate *);
int pf_match_addr(u_int8_t, const struct pf_addr *,
const struct pf_addr *, const struct pf_addr *, sa_family_t);

42
sys/netpfil/pf/pf.c
View file

@ -381,8 +381,8 @@ static int pf_walk_header6(struct pf_pdesc *, struct ip6_hdr *,
u_short *);
static void pf_print_state_parts(struct pf_kstate *,
struct pf_state_key *, struct pf_state_key *);
static void pf_patch_8(struct mbuf *, u_int16_t *, u_int8_t *, u_int8_t,
bool, u_int8_t);
static void pf_patch_8(struct pf_pdesc *, u_int8_t *, u_int8_t,
bool);
static struct pf_kstate *pf_find_state(struct pfi_kkif *,
const struct pf_state_key_cmp *, u_int);
static bool pf_src_connlimit(struct pf_kstate *);
@ -3216,8 +3216,7 @@ pf_cksum_fixup(u_int16_t cksum, u_int16_t old, u_int16_t new, u_int8_t udp)
}
static void
pf_patch_8(struct mbuf *m, u_int16_t *cksum, u_int8_t *f, u_int8_t v, bool hi,
u_int8_t udp)
pf_patch_8(struct pf_pdesc *pd, u_int8_t *f, u_int8_t v, bool hi)
{
u_int16_t old = htons(hi ? (*f << 8) : *f);
u_int16_t new = htons(hi ? ( v << 8) : v);
@ -3227,34 +3226,33 @@ pf_patch_8(struct mbuf *m, u_int16_t *cksum, u_int8_t *f, u_int8_t v, bool hi,
*f = v;
if (m->m_pkthdr.csum_flags & (CSUM_DELAY_DATA | CSUM_DELAY_DATA_IPV6))
if (pd->m->m_pkthdr.csum_flags & (CSUM_DELAY_DATA | CSUM_DELAY_DATA_IPV6))
return;
*cksum = pf_cksum_fixup(*cksum, old, new, udp);
*pd->pcksum = pf_cksum_fixup(*pd->pcksum, old, new,
pd->proto == IPPROTO_UDP);
}
void
pf_patch_16_unaligned(struct mbuf *m, u_int16_t *cksum, void *f, u_int16_t v,
bool hi, u_int8_t udp)
pf_patch_16_unaligned(struct pf_pdesc *pd, void *f, u_int16_t v, bool hi)
{
u_int8_t *fb = (u_int8_t *)f;
u_int8_t *vb = (u_int8_t *)&v;
pf_patch_8(m, cksum, fb++, *vb++, hi, udp);
pf_patch_8(m, cksum, fb++, *vb++, !hi, udp);
pf_patch_8(pd, fb++, *vb++, hi);
pf_patch_8(pd, fb++, *vb++, !hi);
}
void
pf_patch_32_unaligned(struct mbuf *m, u_int16_t *cksum, void *f, u_int32_t v,
bool hi, u_int8_t udp)
pf_patch_32_unaligned(struct pf_pdesc *pd, void *f, u_int32_t v, bool hi)
{
u_int8_t *fb = (u_int8_t *)f;
u_int8_t *vb = (u_int8_t *)&v;
pf_patch_8(m, cksum, fb++, *vb++, hi, udp);
pf_patch_8(m, cksum, fb++, *vb++, !hi, udp);
pf_patch_8(m, cksum, fb++, *vb++, hi, udp);
pf_patch_8(m, cksum, fb++, *vb++, !hi, udp);
pf_patch_8(pd, fb++, *vb++, hi);
pf_patch_8(pd, fb++, *vb++, !hi);
pf_patch_8(pd, fb++, *vb++, hi);
pf_patch_8(pd, fb++, *vb++, !hi);
}
u_int16_t
@ -3952,16 +3950,14 @@ pf_modulate_sack(struct pf_pdesc *pd, struct tcphdr *th,
for (i = 2; i + TCPOLEN_SACK <= olen;
i += TCPOLEN_SACK) {
memcpy(&sack, &opt[i], sizeof(sack));
pf_patch_32_unaligned(pd->m,
&th->th_sum, &sack.start,
pf_patch_32_unaligned(pd,
&sack.start,
htonl(ntohl(sack.start) - dst->seqdiff),
PF_ALGNMNT(startoff),
0);
pf_patch_32_unaligned(pd->m, &th->th_sum,
PF_ALGNMNT(startoff));
pf_patch_32_unaligned(pd,
&sack.end,
htonl(ntohl(sack.end) - dst->seqdiff),
PF_ALGNMNT(startoff),
0);
PF_ALGNMNT(startoff));
memcpy(&opt[i], &sack, sizeof(sack));
}
copyback = 1;

18
sys/netpfil/pf/pf_norm.c
View file

@ -1633,13 +1633,11 @@ pf_normalize_tcp_stateful(struct pf_pdesc *pd,
(src->scrub->pfss_flags &
PFSS_TIMESTAMP)) {
tsval = ntohl(tsval);
pf_patch_32_unaligned(pd->m,
&th->th_sum,
pf_patch_32_unaligned(pd,
&opt[2],
htonl(tsval +
src->scrub->pfss_ts_mod),
PF_ALGNMNT(startoff),
0);
PF_ALGNMNT(startoff));
copyback = 1;
}
@ -1651,12 +1649,10 @@ pf_normalize_tcp_stateful(struct pf_pdesc *pd,
PFSS_TIMESTAMP)) {
tsecr = ntohl(tsecr)
- dst->scrub->pfss_ts_mod;
pf_patch_32_unaligned(pd->m,
&th->th_sum,
pf_patch_32_unaligned(pd,
&opt[6],
htonl(tsecr),
PF_ALGNMNT(startoff),
0);
PF_ALGNMNT(startoff));
copyback = 1;
}
got_ts = 1;
@ -1978,11 +1974,9 @@ pf_normalize_mss(struct pf_pdesc *pd)
case TCPOPT_MAXSEG:
mss = (u_int16_t *)(optp + 2);
if ((ntohs(*mss)) > pd->act.max_mss) {
pf_patch_16_unaligned(pd->m,
&th->th_sum,
pf_patch_16_unaligned(pd,
mss, htons(pd->act.max_mss),
PF_ALGNMNT(startoff),
0);
PF_ALGNMNT(startoff));
m_copyback(pd->m, pd->off + sizeof(*th),
thoff - sizeof(*th), opts);
m_copyback(pd->m, pd->off, sizeof(*th), (caddr_t)th);