net: use pfil_mbuf_{in,out} where we always have an mbuf
This finalizes what has been started in 0b70e3e78b
.
Reviewed by: kp, mjg
Differential revision: https://reviews.freebsd.org/D37976
This commit is contained in:
parent
6f23df1ae7
commit
a22561501f
@ -2137,12 +2137,8 @@ vtnet_rxq_eof(struct vtnet_rxq *rxq)
|
|||||||
if (PFIL_HOOKED_IN(sc->vtnet_pfil)) {
|
if (PFIL_HOOKED_IN(sc->vtnet_pfil)) {
|
||||||
pfil_return_t pfil;
|
pfil_return_t pfil;
|
||||||
|
|
||||||
pfil = pfil_run_hooks(sc->vtnet_pfil, &m, ifp, PFIL_IN,
|
pfil = pfil_mbuf_in(sc->vtnet_pfil, &m, ifp, NULL);
|
||||||
NULL);
|
|
||||||
switch (pfil) {
|
switch (pfil) {
|
||||||
case PFIL_REALLOCED:
|
|
||||||
m = pfil_mem2mbuf(m->m_data);
|
|
||||||
break;
|
|
||||||
case PFIL_DROPPED:
|
case PFIL_DROPPED:
|
||||||
case PFIL_CONSUMED:
|
case PFIL_CONSUMED:
|
||||||
continue;
|
continue;
|
||||||
|
@ -3365,7 +3365,7 @@ bridge_pfil(struct mbuf **mp, struct ifnet *bifp, struct ifnet *ifp, int dir)
|
|||||||
/* Run the packet through pfil before stripping link headers */
|
/* Run the packet through pfil before stripping link headers */
|
||||||
if (PFIL_HOOKED_OUT(V_link_pfil_head) && V_pfil_ipfw != 0 &&
|
if (PFIL_HOOKED_OUT(V_link_pfil_head) && V_pfil_ipfw != 0 &&
|
||||||
dir == PFIL_OUT && ifp != NULL) {
|
dir == PFIL_OUT && ifp != NULL) {
|
||||||
switch (pfil_run_hooks(V_link_pfil_head, mp, ifp, dir, NULL)) {
|
switch (pfil_mbuf_out(V_link_pfil_head, mp, ifp, NULL)) {
|
||||||
case PFIL_DROPPED:
|
case PFIL_DROPPED:
|
||||||
return (EACCES);
|
return (EACCES);
|
||||||
case PFIL_CONSUMED:
|
case PFIL_CONSUMED:
|
||||||
@ -3419,17 +3419,20 @@ bridge_pfil(struct mbuf **mp, struct ifnet *bifp, struct ifnet *ifp, int dir)
|
|||||||
* in_if -> bridge_if -> out_if
|
* in_if -> bridge_if -> out_if
|
||||||
*/
|
*/
|
||||||
if (V_pfil_bridge && dir == PFIL_OUT && bifp != NULL && (rv =
|
if (V_pfil_bridge && dir == PFIL_OUT && bifp != NULL && (rv =
|
||||||
pfil_run_hooks(V_inet_pfil_head, mp, bifp, dir, NULL)) !=
|
pfil_mbuf_out(V_inet_pfil_head, mp, bifp, NULL)) !=
|
||||||
PFIL_PASS)
|
PFIL_PASS)
|
||||||
break;
|
break;
|
||||||
|
|
||||||
if (V_pfil_member && ifp != NULL && (rv =
|
if (V_pfil_member && ifp != NULL) {
|
||||||
pfil_run_hooks(V_inet_pfil_head, mp, ifp, dir, NULL)) !=
|
rv = (dir == PFIL_OUT) ?
|
||||||
PFIL_PASS)
|
pfil_mbuf_out(V_inet_pfil_head, mp, ifp, NULL) :
|
||||||
break;
|
pfil_mbuf_in(V_inet_pfil_head, mp, ifp, NULL);
|
||||||
|
if (rv != PFIL_PASS)
|
||||||
|
break;
|
||||||
|
}
|
||||||
|
|
||||||
if (V_pfil_bridge && dir == PFIL_IN && bifp != NULL && (rv =
|
if (V_pfil_bridge && dir == PFIL_IN && bifp != NULL && (rv =
|
||||||
pfil_run_hooks(V_inet_pfil_head, mp, bifp, dir, NULL)) !=
|
pfil_mbuf_in(V_inet_pfil_head, mp, bifp, NULL)) !=
|
||||||
PFIL_PASS)
|
PFIL_PASS)
|
||||||
break;
|
break;
|
||||||
|
|
||||||
@ -3467,17 +3470,20 @@ bridge_pfil(struct mbuf **mp, struct ifnet *bifp, struct ifnet *ifp, int dir)
|
|||||||
#ifdef INET6
|
#ifdef INET6
|
||||||
case ETHERTYPE_IPV6:
|
case ETHERTYPE_IPV6:
|
||||||
if (V_pfil_bridge && dir == PFIL_OUT && bifp != NULL && (rv =
|
if (V_pfil_bridge && dir == PFIL_OUT && bifp != NULL && (rv =
|
||||||
pfil_run_hooks(V_inet6_pfil_head, mp, bifp, dir, NULL)) !=
|
pfil_mbuf_out(V_inet6_pfil_head, mp, bifp, NULL)) !=
|
||||||
PFIL_PASS)
|
PFIL_PASS)
|
||||||
break;
|
break;
|
||||||
|
|
||||||
if (V_pfil_member && ifp != NULL && (rv =
|
if (V_pfil_member && ifp != NULL) {
|
||||||
pfil_run_hooks(V_inet6_pfil_head, mp, ifp, dir, NULL)) !=
|
rv = (dir == PFIL_OUT) ?
|
||||||
PFIL_PASS)
|
pfil_mbuf_out(V_inet6_pfil_head, mp, ifp, NULL) :
|
||||||
break;
|
pfil_mbuf_in(V_inet6_pfil_head, mp, ifp, NULL);
|
||||||
|
if (rv != PFIL_PASS)
|
||||||
|
break;
|
||||||
|
}
|
||||||
|
|
||||||
if (V_pfil_bridge && dir == PFIL_IN && bifp != NULL && (rv =
|
if (V_pfil_bridge && dir == PFIL_IN && bifp != NULL && (rv =
|
||||||
pfil_run_hooks(V_inet6_pfil_head, mp, bifp, dir, NULL)) !=
|
pfil_mbuf_in(V_inet6_pfil_head, mp, bifp, NULL)) !=
|
||||||
PFIL_PASS)
|
PFIL_PASS)
|
||||||
break;
|
break;
|
||||||
break;
|
break;
|
||||||
|
@ -247,7 +247,7 @@ enc_hhook(int32_t hhook_type, int32_t hhook_id, void *udata, void *ctx_data,
|
|||||||
struct enc_softc *sc;
|
struct enc_softc *sc;
|
||||||
struct ifnet *ifp, *rcvif;
|
struct ifnet *ifp, *rcvif;
|
||||||
struct pfil_head *ph;
|
struct pfil_head *ph;
|
||||||
int pdir;
|
int pdir, ret;
|
||||||
|
|
||||||
sc = (struct enc_softc *)udata;
|
sc = (struct enc_softc *)udata;
|
||||||
ifp = sc->sc_ifp;
|
ifp = sc->sc_ifp;
|
||||||
@ -307,7 +307,11 @@ enc_hhook(int32_t hhook_type, int32_t hhook_id, void *udata, void *ctx_data,
|
|||||||
/* Make a packet looks like it was received on enc(4) */
|
/* Make a packet looks like it was received on enc(4) */
|
||||||
rcvif = (*ctx->mp)->m_pkthdr.rcvif;
|
rcvif = (*ctx->mp)->m_pkthdr.rcvif;
|
||||||
(*ctx->mp)->m_pkthdr.rcvif = ifp;
|
(*ctx->mp)->m_pkthdr.rcvif = ifp;
|
||||||
if (pfil_run_hooks(ph, ctx->mp, ifp, pdir, ctx->inp) != PFIL_PASS) {
|
if (pdir == PFIL_IN)
|
||||||
|
ret = pfil_mbuf_in(ph, ctx->mp, ifp, ctx->inp);
|
||||||
|
else
|
||||||
|
ret = pfil_mbuf_out(ph, ctx->mp, ifp, ctx->inp);
|
||||||
|
if (ret != PFIL_PASS) {
|
||||||
*ctx->mp = NULL; /* consumed by filter */
|
*ctx->mp = NULL; /* consumed by filter */
|
||||||
return (EACCES);
|
return (EACCES);
|
||||||
}
|
}
|
||||||
|
@ -474,8 +474,7 @@ ether_output_frame(struct ifnet *ifp, struct mbuf *m)
|
|||||||
return (0);
|
return (0);
|
||||||
|
|
||||||
if (PFIL_HOOKED_OUT(V_link_pfil_head))
|
if (PFIL_HOOKED_OUT(V_link_pfil_head))
|
||||||
switch (pfil_run_hooks(V_link_pfil_head, &m, ifp, PFIL_OUT,
|
switch (pfil_mbuf_out(V_link_pfil_head, &m, ifp, NULL)) {
|
||||||
NULL)) {
|
|
||||||
case PFIL_DROPPED:
|
case PFIL_DROPPED:
|
||||||
return (EACCES);
|
return (EACCES);
|
||||||
case PFIL_CONSUMED:
|
case PFIL_CONSUMED:
|
||||||
@ -853,7 +852,7 @@ ether_demux(struct ifnet *ifp, struct mbuf *m)
|
|||||||
|
|
||||||
/* Do not grab PROMISC frames in case we are re-entered. */
|
/* Do not grab PROMISC frames in case we are re-entered. */
|
||||||
if (PFIL_HOOKED_IN(V_link_pfil_head) && !(m->m_flags & M_PROMISC)) {
|
if (PFIL_HOOKED_IN(V_link_pfil_head) && !(m->m_flags & M_PROMISC)) {
|
||||||
i = pfil_run_hooks(V_link_pfil_head, &m, ifp, PFIL_IN, NULL);
|
i = pfil_mbuf_in(V_link_pfil_head, &m, ifp, NULL);
|
||||||
if (i != 0 || m == NULL)
|
if (i != 0 || m == NULL)
|
||||||
return;
|
return;
|
||||||
}
|
}
|
||||||
|
@ -116,14 +116,13 @@ ip_output_pfil(struct mbuf **mp, struct ifnet *ifp, int flags,
|
|||||||
struct mbuf *m;
|
struct mbuf *m;
|
||||||
struct in_addr odst;
|
struct in_addr odst;
|
||||||
struct ip *ip;
|
struct ip *ip;
|
||||||
int pflags = PFIL_OUT;
|
|
||||||
|
|
||||||
m = *mp;
|
m = *mp;
|
||||||
ip = mtod(m, struct ip *);
|
ip = mtod(m, struct ip *);
|
||||||
|
|
||||||
/* Run through list of hooks for output packets. */
|
/* Run through list of hooks for output packets. */
|
||||||
odst.s_addr = ip->ip_dst.s_addr;
|
odst.s_addr = ip->ip_dst.s_addr;
|
||||||
switch (pfil_run_hooks(V_inet_pfil_head, mp, ifp, pflags, inp)) {
|
switch (pfil_mbuf_out(V_inet_pfil_head, mp, ifp, inp)) {
|
||||||
case PFIL_DROPPED:
|
case PFIL_DROPPED:
|
||||||
*error = EACCES;
|
*error = EACCES;
|
||||||
/* FALLTHROUGH */
|
/* FALLTHROUGH */
|
||||||
|
Loading…
Reference in New Issue
Block a user