diff options
| author | Gleb Smirnoff <glebius@FreeBSD.org> | 2019-03-10 17:20:09 +0000 |
|---|---|---|
| committer | Gleb Smirnoff <glebius@FreeBSD.org> | 2019-03-10 17:20:09 +0000 |
| commit | c93410229ceb75d52da41e681f70f352141b7d97 (patch) | |
| tree | 7d76ebc96fbf1b1a6fa7ede3926fe07083300e1b | |
| parent | b9fdb4b3a3ad19c20fdf93e922acd3b8ec4f4b44 (diff) | |
Notes
| -rw-r--r-- | sys/net/pfil.c | 29 | ||||
| -rw-r--r-- | sys/net/pfil.h | 22 |
2 files changed, 45 insertions, 6 deletions
diff --git a/sys/net/pfil.c b/sys/net/pfil.c index d1c99416300c3..3ff744cd415ad 100644 --- a/sys/net/pfil.c +++ b/sys/net/pfil.c @@ -118,15 +118,31 @@ VNET_DEFINE_STATIC(struct pfilhookhead, pfil_hook_list) = static struct pfil_link *pfil_link_remove(pfil_chain_t *, pfil_hook_t ); static void pfil_link_free(epoch_context_t); +int +pfil_realloc(pfil_packet_t *p, int flags, struct ifnet *ifp) +{ + struct mbuf *m; + + MPASS(flags & PFIL_MEMPTR); + + if ((m = m_devget(p->mem, PFIL_LENGTH(flags), 0, ifp, NULL)) == NULL) + return (ENOMEM); + *p = pfil_packet_align(*p); + *p->m = m; + + return (0); +} + static __noinline int -pfil_fake_mbuf(pfil_func_t func, void *mem, struct ifnet *ifp, int flags, +pfil_fake_mbuf(pfil_func_t func, pfil_packet_t *p, struct ifnet *ifp, int flags, void *ruleset, struct inpcb *inp) { struct mbuf m, *mp; pfil_return_t rv; (void)m_init(&m, M_NOWAIT, MT_DATA, M_NOFREE | M_PKTHDR); - m_extadd(&m, mem, PFIL_LENGTH(flags), NULL, NULL, NULL, 0, EXT_RXRING); + m_extadd(&m, p->mem, PFIL_LENGTH(flags), NULL, NULL, NULL, 0, + EXT_RXRING); m.m_len = m.m_pkthdr.len = PFIL_LENGTH(flags); mp = &m; flags &= ~(PFIL_MEMPTR | PFIL_LENMASK); @@ -135,10 +151,11 @@ pfil_fake_mbuf(pfil_func_t func, void *mem, struct ifnet *ifp, int flags, if (rv == PFIL_PASS && mp != &m) { /* * Firewalls that need pfil_fake_mbuf() most likely don't - * know to return PFIL_REALLOCED. + * know they need return PFIL_REALLOCED. */ rv = PFIL_REALLOCED; - *(struct mbuf **)mem = mp; + *p = pfil_packet_align(*p); + *p->m = mp; } return (rv); @@ -168,8 +185,8 @@ pfil_run_hooks(struct pfil_head *head, pfil_packet_t p, struct ifnet *ifp, PFIL_EPOCH_ENTER(et); CK_STAILQ_FOREACH(link, pch, link_chain) { if ((flags & PFIL_MEMPTR) && !(link->link_flags & PFIL_MEMPTR)) - rv = pfil_fake_mbuf(link->link_func, p.mem, ifp, - flags, link->link_ruleset, inp); + rv = pfil_fake_mbuf(link->link_func, &p, ifp, flags, + link->link_ruleset, inp); else rv = (*link->link_func)(p, ifp, flags, link->link_ruleset, inp); diff --git a/sys/net/pfil.h b/sys/net/pfil.h index 13d78e6a277f7..da045b30c6ed5 100644 --- a/sys/net/pfil.h +++ b/sys/net/pfil.h @@ -98,8 +98,25 @@ struct inpcb; typedef union { struct mbuf **m; void *mem; + uintptr_t __ui; } pfil_packet_t __attribute__((__transparent_union__)); +static inline pfil_packet_t +pfil_packet_align(pfil_packet_t p) +{ + + return ((pfil_packet_t ) (((uintptr_t)(p).mem + + (_Alignof(void *) - 1)) & - _Alignof(void *))); +} + +static inline struct mbuf * +pfil_mem2mbuf(void *v) +{ + + return (*(struct mbuf **) (((uintptr_t)(v) + + (_Alignof(void *) - 1)) & - _Alignof(void *))); +} + typedef enum { PFIL_PASS = 0, PFIL_DROPPED, @@ -188,5 +205,10 @@ struct _pfil_head { #define PFIL_HOOKED_IN(p) (((struct _pfil_head *)(p))->head_nhooksin > 0) #define PFIL_HOOKED_OUT(p) (((struct _pfil_head *)(p))->head_nhooksout > 0) +/* + * Alloc mbuf to be used instead of memory pointer. + */ +int pfil_realloc(pfil_packet_t *, int, struct ifnet *); + #endif /* _KERNEL */ #endif /* _NET_PFIL_H_ */ |