d/freebsd-skq
1
0
Fork 0
Code Issues Pull Requests Packages Projects Releases Wiki Activity

PFIL_HOOKS optimization: check if at least one hook is present before

Browse Source 
munging the IP header to pass to the hooks
This commit is contained in:
sam 2003-02-11 21:48:20 +00:00
parent bebc78d3e1
commit b65dfed25b
1 changed files with 3 additions and 2 deletions
Show Stats Download Patch File Download Diff File Expand all files Collapse all files

5
sys/net/bridge.c
View File

@ -904,7 +904,7 @@ bdg_forward(struct mbuf *m0, struct ifnet *dst)
* NetBSD-style generic packet filter, pfil(9), hooks.
* Enables ipf(8) in bridging.
*/
if (m0->m_pkthdr.len >= sizeof(struct ip) &&
if (pfh != NULL && m0->m_pkthdr.len >= sizeof(struct ip) &&
ntohs(save_eh.ether_type) == ETHERTYPE_IP) {
/*
* before calling the firewall, swap fields the same as IP does.
@ -915,7 +915,7 @@ bdg_forward(struct mbuf *m0, struct ifnet *dst)
ip->ip_len = ntohs(ip->ip_len);
ip->ip_off = ntohs(ip->ip_off);
for (; pfh; pfh = TAILQ_NEXT(pfh, pfil_link))
do {
if (pfh->pfil_func) {
rv = pfh->pfil_func(ip, ip->ip_hl << 2, src, 0, &m0);
if (m0 == NULL) {
@ -928,6 +928,7 @@ bdg_forward(struct mbuf *m0, struct ifnet *dst)
}
ip = mtod(m0, struct ip *);
}
} while (pfh = TAILQ_NEXT(pfh, pfil_link));
/*
* If we get here, the firewall has passed the pkt, but the mbuf
* pointer might have changed. Restore ip and the fields ntohs()'d.