d/freebsd-nq
1
0
Fork 0
Code Issues Pull Requests Packages Projects Releases Wiki Activity

pf: Map hook returns onto the correct error values

Browse Source 
pf returns PF_PASS, PF_DROP, ... in the netpfil hooks, but the hook callers
expect to get E<foo> error codes.
Map the returns values. A pass is 0 (everything is OK), anything else means
pf ate the packet, so return EACCES, which tells the stack not to emit an ICMP
error message.

PR:	207598
This commit is contained in:
Kristof Provost 2016-07-09 12:17:01 +00:00
parent 8795de77ce
commit aa7cac58c6
1 changed files with 12 additions and 4 deletions
Show Stats Download Patch File Download Diff File Expand all files Collapse all files

16
sys/netpfil/pf/pf_ioctl.c
View File

@ -3563,7 +3563,9 @@ pf_check_in(void *arg, struct mbuf **m, struct ifnet *ifp, int dir,
*m = NULL;
}
return (chk);
if (chk != PF_PASS)
return (EACCES);
return (0);
}
static int
@ -3578,7 +3580,9 @@ pf_check_out(void *arg, struct mbuf **m, struct ifnet *ifp, int dir,
*m = NULL;
}
return (chk);
if (chk != PF_PASS)
return (EACCES);
return (0);
}
#endif
@ -3601,7 +3605,9 @@ pf_check6_in(void *arg, struct mbuf **m, struct ifnet *ifp, int dir,
m_freem(*m);
*m = NULL;
}
return chk;
if (chk != PF_PASS)
return (EACCES);
return (0);
}
static int
@ -3617,7 +3623,9 @@ pf_check6_out(void *arg, struct mbuf **m, struct ifnet *ifp, int dir,
m_freem(*m);
*m = NULL;
}
return chk;
if (chk != PF_PASS)
return (EACCES);
return (0);
}
#endif /* INET6 */