d/freebsd-skq
1
0
Fork 0
Code Issues Pull Requests Packages Projects Releases Wiki Activity

o In pf_normalize_ip() we don't need mtag in

Browse Source 
!(PFRULE_FRAGCROP|PFRULE_FRAGDROP) case.
o In the (PFRULE_FRAGCROP|PFRULE_FRAGDROP) case we should allocate mtag
  if we don't find any.

Tested by:	Ian FREISLICH <ianf cloudseed.co.za>
This commit is contained in:
Gleb Smirnoff 2014-05-17 12:30:27 +00:00
parent 92e7f50a4e
commit 0e4f18aa68
1 changed files with 7 additions and 22 deletions
Show Stats Download Patch File Download Diff File Expand all files Collapse all files

29
sys/netpfil/pf/pf_norm.c
View File

@ -984,18 +984,6 @@ pf_normalize_ip(struct mbuf **m0, int dir, struct pfi_kif *kif, u_short *reason,
if (m == NULL)
return (PF_DROP);
/* use mtag from concatenated mbuf chain */
pd->pf_mtag = pf_find_mtag(m);
#ifdef DIAGNOSTIC
if (pd->pf_mtag == NULL) {
printf("%s: pf_find_mtag returned NULL(1)\n", __func__);
if ((pd->pf_mtag = pf_get_mtag(m)) == NULL) {
m_freem(m);
*m0 = NULL;
goto no_mem;
}
}
#endif
if (frag != NULL && (frag->fr_flags & PFFRAG_DROP))
goto drop;
@ -1004,7 +992,8 @@ pf_normalize_ip(struct mbuf **m0, int dir, struct pfi_kif *kif, u_short *reason,
/* non-buffering fragment cache (drops or masks overlaps) */
int nomem = 0;
if (dir == PF_OUT && pd->pf_mtag->flags & PF_TAG_FRAGCACHE) {
if (dir == PF_OUT && pd->pf_mtag &&
pd->pf_mtag->flags & PF_TAG_FRAGCACHE) {
/*
* Already passed the fragment cache in the
* input direction. If we continued, it would
@ -1033,20 +1022,16 @@ pf_normalize_ip(struct mbuf **m0, int dir, struct pfi_kif *kif, u_short *reason,
goto drop;
}
/* use mtag from copied and trimmed mbuf chain */
pd->pf_mtag = pf_find_mtag(m);
#ifdef DIAGNOSTIC
if (pd->pf_mtag == NULL) {
printf("%s: pf_find_mtag returned NULL(2)\n", __func__);
if ((pd->pf_mtag = pf_get_mtag(m)) == NULL) {
if (dir == PF_IN) {
/* Use mtag from copied and trimmed mbuf chain. */
pd->pf_mtag = pf_get_mtag(m);
if (pd->pf_mtag == NULL) {
m_freem(m);
*m0 = NULL;
goto no_mem;
}
}
#endif
if (dir == PF_IN)
pd->pf_mtag->flags |= PF_TAG_FRAGCACHE;
}
if (frag != NULL && (frag->fr_flags & PFFRAG_DROP))
goto drop;