On 17 February 2015 at 20:31, John-Mark Gurney <j...@funkthat.com> wrote:
> Gleb Smirnoff wrote this message on Mon, Feb 16, 2015 at 03:38 +0000:
>> Author: glebius
>> Date: Mon Feb 16 03:38:27 2015
>> New Revision: 278831
>> URL: https://svnweb.freebsd.org/changeset/base/278831
>>
>> Log:
>> Update the pf fragment handling code to closer match recent OpenBSD.
>> That partially fixes IPv6 fragment handling. Thanks to Kristof for
>> working on that.
>>
>> Submitted by: Kristof Provost
>> Tested by: peter
>> Differential Revision: D1765
>
> Looks like pf_flush_fragments still called in !INET case, though only
> defined for INET case:
> /scratch/tmp/jmg/src.head/sys/modules/pf/../../netpfil/pf/pf_norm.c:385:3:
> error: implicit declaration of function 'pf_flush_fragments' is invalid in
> C99 [-Werror,-Wimplicit-function-declaration]
> pf_flush_fragments();
>
> when compiling LINT-NOINET kernel..
With the changes attached I got all three kernels with both cc compiled
(tested on MINI w/ MODULES_OVERRIDE=pf). Basically,
- pf_flush_fragments is improperly INET-only
- pf_find_fragment is properly declared, but its body is under INET
- pf_refragment6 / pf_reassemble6 are properly under INET6,
which is also under INET (the latter is wrong).
- bonus: some functions may be / were static'ized.
--
wbr,
pluknet
Index: sys/netpfil/pf/pf_norm.c
===================================================================
--- sys/netpfil/pf/pf_norm.c (revision 278917)
+++ sys/netpfil/pf/pf_norm.c (working copy)
@@ -138,17 +138,17 @@ static void pf_free_fragment(struct pf_fragment *)
static void pf_remove_fragment(struct pf_fragment *);
static int pf_normalize_tcpopt(struct pf_rule *, struct mbuf *,
struct tcphdr *, int, sa_family_t);
-struct pf_frent *pf_create_fragment(u_short *);
+static struct pf_frent *pf_create_fragment(u_short *);
static struct pf_fragment *
pf_find_fragment(struct pf_fragment_cmp *key,
struct pf_frag_tree *tree);
static struct pf_fragment *
pf_fillup_fragment(struct pf_fragment_cmp *, struct pf_frent *,
u_short *);
static int pf_isfull_fragment(struct pf_fragment *);
-struct mbuf *pf_join_fragment(struct pf_fragment *);
+static struct mbuf *pf_join_fragment(struct pf_fragment *);
+static void pf_flush_fragments(void);
#ifdef INET
static void pf_scrub_ip(struct mbuf **, uint32_t, uint8_t, uint8_t);
-static void pf_flush_fragments(void);
static int pf_reassemble(struct mbuf **, struct ip *, int, u_short *);
static struct mbuf *
pf_fragcache(struct mbuf **, struct ip*, struct pf_fragment **,
@@ -267,7 +267,6 @@ pf_purge_expired_fragments(void)
PF_FRAG_UNLOCK();
}
-#ifdef INET
/*
* Try to flush old fragments to make space for new ones
*/
@@ -292,7 +291,6 @@ pf_flush_fragments(void)
break;
}
}
-#endif /* INET */
/* Frees the fragments and all associated entries */
static void
@@ -329,7 +327,6 @@ pf_free_fragment(struct pf_fragment *frag)
pf_remove_fragment(frag);
}
-#ifdef INET
static struct pf_fragment *
pf_find_fragment(struct pf_fragment_cmp *key, struct pf_frag_tree *tree)
{
@@ -352,10 +349,8 @@ pf_find_fragment(struct pf_fragment_cmp *key, stru
return (frag);
}
-#endif /* INET */
/* Removes a fragment from the fragment queue and frees the fragment */
-
static void
pf_remove_fragment(struct pf_fragment *frag)
{
@@ -373,7 +368,7 @@ pf_remove_fragment(struct pf_fragment *frag)
}
}
-struct pf_frent *
+static struct pf_frent *
pf_create_fragment(u_short *reason)
{
struct pf_frent *frent;
@@ -393,7 +388,7 @@ pf_create_fragment(u_short *reason)
return (frent);
}
-struct pf_fragment *
+static struct pf_fragment *
pf_fillup_fragment(struct pf_fragment_cmp *key, struct pf_frent *frent,
u_short *reason)
{
@@ -570,7 +565,7 @@ pf_isfull_fragment(struct pf_fragment *frag)
return (1);
}
-struct mbuf *
+static struct mbuf *
pf_join_fragment(struct pf_fragment *frag)
{
struct mbuf *m, *m2;
@@ -666,6 +661,7 @@ pf_reassemble(struct mbuf **m0, struct ip *ip, int
DPFPRINTF(("complete: %p(%d)\n", m, ntohs(ip->ip_len)));
return (PF_PASS);
}
+#endif /* INET */
#ifdef INET6
static int
@@ -789,6 +785,7 @@ fail:
}
#endif /* INET6 */
+#ifdef INET
static struct mbuf *
pf_fragcache(struct mbuf **m0, struct ip *h, struct pf_fragment **frag, int
mff,
int drop, int *nomem)
@@ -1090,6 +1087,7 @@ pf_fragcache(struct mbuf **m0, struct ip *h, struc
m_freem(m);
return (NULL);
}
+#endif /* INET */
#ifdef INET6
int
@@ -1162,6 +1160,7 @@ pf_refragment6(struct ifnet *ifp, struct mbuf **m0
}
#endif /* INET6 */
+#ifdef INET
int
pf_normalize_ip(struct mbuf **m0, int dir, struct pfi_kif *kif, u_short
*reason,
struct pf_pdesc *pd)
_______________________________________________
svn-src-head@freebsd.org mailing list
http://lists.freebsd.org/mailman/listinfo/svn-src-head
To unsubscribe, send any mail to "svn-src-head-unsubscr...@freebsd.org"
