purplerain 2023-05-13 14:25:18 +00:00
parent f609457dcf
commit 62073e0295
Signed by: purplerain
GPG key ID: F42C07F07E2E35B7
318 changed files with 8112 additions and 4346 deletions


@ -1,4 +1,4 @@
/* $OpenBSD: if.c,v 1.694 2023/04/26 19:54:35 mvs Exp $ */
/* $OpenBSD: if.c,v 1.695 2023/05/07 16:23:23 bluhm Exp $ */
/* $NetBSD: if.c,v 1.35 1996/05/07 05:26:04 thorpej Exp $ */
/*
@ -761,27 +761,6 @@ if_enqueue_ifq(struct ifnet *ifp, struct mbuf *m)
return (0);
}
void
if_mqoutput(struct ifnet *ifp, struct mbuf_queue *mq, unsigned int *total,
struct sockaddr *dst, struct rtentry *rt)
{
struct mbuf_list ml;
struct mbuf *m;
unsigned int len;
mq_delist(mq, &ml);
len = ml_len(&ml);
while ((m = ml_dequeue(&ml)) != NULL)
ifp->if_output(ifp, m, rt_key(rt), rt);
/* XXXSMP we also discard if other CPU enqueues */
if (mq_len(mq) > 0) {
/* mbuf is back in queue. Discard. */
atomic_sub_int(total, len + mq_purge(mq));
} else
atomic_sub_int(total, len);
}
void
if_input(struct ifnet *ifp, struct mbuf_list *ml)
{
@ -843,6 +822,46 @@ if_input_local(struct ifnet *ifp, struct mbuf *m, sa_family_t af)
return (0);
}
int
if_output_ml(struct ifnet *ifp, struct mbuf_list *ml,
struct sockaddr *dst, struct rtentry *rt)
{
struct mbuf *m;
int error = 0;
while ((m = ml_dequeue(ml)) != NULL) {
error = ifp->if_output(ifp, m, dst, rt);
if (error)
break;
}
if (error)
ml_purge(ml);
return error;
}
int
if_output_mq(struct ifnet *ifp, struct mbuf_queue *mq, unsigned int *total,
struct sockaddr *dst, struct rtentry *rt)
{
struct mbuf_list ml;
unsigned int len;
int error;
mq_delist(mq, &ml);
len = ml_len(&ml);
error = if_output_ml(ifp, &ml, dst, rt);
/* XXXSMP we also discard if other CPU enqueues */
if (mq_len(mq) > 0) {
/* mbuf is back in queue. Discard. */
atomic_sub_int(total, len + mq_purge(mq));
} else
atomic_sub_int(total, len);
return error;
}
int
if_output_local(struct ifnet *ifp, struct mbuf *m, sa_family_t af)
{
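Review bot: if_output_ml() and if_output_mq() carry no comment on mbuf ownership, although the visible body always consumes the list: on the first if_output error the unsent mbufs are freed by `ml_purge(ml)` and only that one error is returned. I would add above if_output_ml() `/* Consumes ml: on error the unsent mbufs are purged, the caller must not reuse or free them. */` so callers neither retry nor free the list a second time. Separately, if_output_mq() now hands the caller's `dst` to if_output where the removed if_mqoutput() passed `rt_key(rt)`; the callers are outside this section, so it is worth confirming each one passes the destination it actually wants if_output to use.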


@ -1,4 +1,4 @@
/* $OpenBSD: if_bridge.c,v 1.365 2023/02/27 09:35:32 jan Exp $ */
/* $OpenBSD: if_bridge.c,v 1.366 2023/05/07 16:23:23 bluhm Exp $ */
/*
* Copyright (c) 1999, 2000 Jason L. Wright (jason@thought.net)
@ -1826,7 +1826,7 @@ bridge_fragment(struct ifnet *brifp, struct ifnet *ifp, struct ether_header *eh,
struct mbuf *m)
{
struct llc llc;
struct mbuf_list fml;
struct mbuf_list ml;
int error = 0;
int hassnap = 0;
u_int16_t etype;
@ -1884,11 +1884,11 @@ bridge_fragment(struct ifnet *brifp, struct ifnet *ifp, struct ether_header *eh,
return;
}
error = ip_fragment(m, &fml, ifp, ifp->if_mtu);
error = ip_fragment(m, &ml, ifp, ifp->if_mtu);
if (error)
return;
while ((m = ml_dequeue(&fml)) != NULL) {
while ((m = ml_dequeue(&ml)) != NULL) {
if (hassnap) {
M_PREPEND(m, LLC_SNAPFRAMELEN, M_DONTWAIT);
if (m == NULL) {
@ -1908,7 +1908,7 @@ bridge_fragment(struct ifnet *brifp, struct ifnet *ifp, struct ether_header *eh,
break;
}
if (error)
ml_purge(&fml);
ml_purge(&ml);
else
ipstat_inc(ips_fragmented);


@ -1,4 +1,4 @@
/* $OpenBSD: if_var.h,v 1.125 2023/04/18 22:01:24 mvs Exp $ */
/* $OpenBSD: if_var.h,v 1.126 2023/05/07 16:23:23 bluhm Exp $ */
/* $NetBSD: if.h,v 1.23 1996/05/07 02:40:27 thorpej Exp $ */
/*
@ -321,12 +321,14 @@ extern struct ifnet_head ifnetlist;
void if_start(struct ifnet *);
int if_enqueue(struct ifnet *, struct mbuf *);
int if_enqueue_ifq(struct ifnet *, struct mbuf *);
void if_mqoutput(struct ifnet *, struct mbuf_queue *, unsigned int *,
struct sockaddr *, struct rtentry *);
void if_input(struct ifnet *, struct mbuf_list *);
void if_vinput(struct ifnet *, struct mbuf *);
void if_input_process(struct ifnet *, struct mbuf_list *);
int if_input_local(struct ifnet *, struct mbuf *, sa_family_t);
int if_output_ml(struct ifnet *, struct mbuf_list *,
struct sockaddr *, struct rtentry *);
int if_output_mq(struct ifnet *, struct mbuf_queue *, unsigned int *,
struct sockaddr *, struct rtentry *);
int if_output_local(struct ifnet *, struct mbuf *, sa_family_t);
void if_rtrequest_dummy(struct ifnet *, int, struct rtentry *);
void p2p_rtrequest(struct ifnet *, int, struct rtentry *);


@ -1,4 +1,4 @@
/* $OpenBSD: pf.c,v 1.1174 2023/04/28 14:08:34 phessler Exp $ */
/* $OpenBSD: pf.c,v 1.1178 2023/05/10 12:07:16 bluhm Exp $ */
/*
* Copyright (c) 2001 Daniel Hartmeier
@ -1370,6 +1370,8 @@ pf_state_import(const struct pfsync_state *sp, int flags)
int error = ENOMEM;
int n = 0;
PF_ASSERT_LOCKED();
if (sp->creatorid == 0) {
DPFPRINTF(LOG_NOTICE, "%s: invalid creator id: %08x", __func__,
ntohl(sp->creatorid));
@ -4270,6 +4272,8 @@ pf_test_rule(struct pf_pdesc *pd, struct pf_rule **rm, struct pf_state **sm,
struct pf_test_ctx ctx;
int rv;
PF_ASSERT_LOCKED();
memset(&ctx, 0, sizeof(ctx));
ctx.pd = pd;
ctx.rm = rm;
@ -6462,12 +6466,11 @@ void
pf_route(struct pf_pdesc *pd, struct pf_state *st)
{
struct mbuf *m0;
struct mbuf_list fml;
struct mbuf_list ml;
struct sockaddr_in *dst, sin;
struct rtentry *rt = NULL;
struct ip *ip;
struct ifnet *ifp = NULL;
int error = 0;
unsigned int rtableid;
if (pd->m->m_pkthdr.pf.routed++ > 3) {
@ -6545,8 +6548,6 @@ pf_route(struct pf_pdesc *pd, struct pf_state *st)
ip = mtod(m0, struct ip *);
}
in_proto_cksum_out(m0, ifp);
if (ntohs(ip->ip_len) <= ifp->if_mtu) {
ip->ip_sum = 0;
if (ifp->if_capabilities & IFCAP_CSUM_IPv4)
@ -6555,10 +6556,21 @@ pf_route(struct pf_pdesc *pd, struct pf_state *st)
ipstat_inc(ips_outswcsum);
ip->ip_sum = in_cksum(m0, ip->ip_hl << 2);
}
error = ifp->if_output(ifp, m0, sintosa(dst), rt);
in_proto_cksum_out(m0, ifp);
ifp->if_output(ifp, m0, sintosa(dst), rt);
goto done;
}
if (ISSET(m0->m_pkthdr.csum_flags, M_TCP_TSO) &&
m0->m_pkthdr.ph_mss <= ifp->if_mtu) {
if (tcp_chopper(m0, &ml, ifp, m0->m_pkthdr.ph_mss) ||
if_output_ml(ifp, &ml, sintosa(dst), rt))
goto done;
tcpstat_inc(tcps_outswtso);
goto done;
}
CLR(m0->m_pkthdr.csum_flags, M_TCP_TSO);
/*
* Too large for interface; fragment if possible.
* Must be able to put at least 8 bytes per fragment.
@ -6571,19 +6583,10 @@ pf_route(struct pf_pdesc *pd, struct pf_state *st)
goto bad;
}
error = ip_fragment(m0, &fml, ifp, ifp->if_mtu);
if (error)
if (ip_fragment(m0, &ml, ifp, ifp->if_mtu) ||
if_output_ml(ifp, &ml, sintosa(dst), rt))
goto done;
while ((m0 = ml_dequeue(&fml)) != NULL) {
error = ifp->if_output(ifp, m0, sintosa(dst), rt);
if (error)
break;
}
if (error)
ml_purge(&fml);
else
ipstat_inc(ips_fragmented);
ipstat_inc(ips_fragmented);
done:
if_put(ifp);
@ -6601,6 +6604,7 @@ void
pf_route6(struct pf_pdesc *pd, struct pf_state *st)
{
struct mbuf *m0;
struct mbuf_list ml;
struct sockaddr_in6 *dst, sin6;
struct rtentry *rt = NULL;
struct ip6_hdr *ip6;
@ -6683,24 +6687,37 @@ pf_route6(struct pf_pdesc *pd, struct pf_state *st)
}
}
in6_proto_cksum_out(m0, ifp);
/*
* If packet has been reassembled by PF earlier, we have to
* use pf_refragment6() here to turn it back to fragments.
*/
if ((mtag = m_tag_find(m0, PACKET_TAG_PF_REASSEMBLED, NULL))) {
(void) pf_refragment6(&m0, mtag, dst, ifp, rt);
} else if ((u_long)m0->m_pkthdr.len <= ifp->if_mtu) {
ifp->if_output(ifp, m0, sin6tosa(dst), rt);
} else {
ip6stat_inc(ip6s_cantfrag);
if (st->rt != PF_DUPTO)
pf_send_icmp(m0, ICMP6_PACKET_TOO_BIG, 0,
ifp->if_mtu, pd->af, st->rule.ptr, pd->rdomain);
goto bad;
goto done;
}
if (m0->m_pkthdr.len <= ifp->if_mtu) {
in6_proto_cksum_out(m0, ifp);
ifp->if_output(ifp, m0, sin6tosa(dst), rt);
goto done;
}
if (ISSET(m0->m_pkthdr.csum_flags, M_TCP_TSO) &&
m0->m_pkthdr.ph_mss <= ifp->if_mtu) {
if (tcp_chopper(m0, &ml, ifp, m0->m_pkthdr.ph_mss) ||
if_output_ml(ifp, &ml, sin6tosa(dst), rt))
goto done;
tcpstat_inc(tcps_outswtso);
goto done;
}
CLR(m0->m_pkthdr.csum_flags, M_TCP_TSO);
ip6stat_inc(ip6s_cantfrag);
if (st->rt != PF_DUPTO)
pf_send_icmp(m0, ICMP6_PACKET_TOO_BIG, 0,
ifp->if_mtu, pd->af, st->rule.ptr, pd->rdomain);
goto bad;
done:
if_put(ifp);
rtfree(rt);
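Review bot: In pf_route() and pf_route6() the new TSO branch does `goto done` when tcp_chopper() or if_output_ml() fails, bypassing the `bad` label used elsewhere in these functions, so it is only leak-free if tcp_chopper() consumes m0 on failure; nothing in the visible lines says so. if_output_ml() purges its list on error per the if.c change, but tcp_chopper() is defined outside this page; a comment such as `/* tcp_chopper() frees m0 on error, like ip_fragment() */` at both call sites would make the `done` versus `bad` choice checkable, assuming that is the contract. These failure branches also drop the packet without touching any counter, while the success path bumps `tcps_outswtso`, so such drops leave no trace in the statistics someone would read during an incident. Both function bodies start and end outside the hunks shown.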


@ -1,4 +1,4 @@
/* $OpenBSD: pf_ioctl.c,v 1.402 2023/04/29 10:25:32 kn Exp $ */
/* $OpenBSD: pf_ioctl.c,v 1.404 2023/05/11 12:36:22 kn Exp $ */
/*
* Copyright (c) 2001 Daniel Hartmeier
@ -858,6 +858,8 @@ pf_commit_rules(u_int32_t version, char *anchor)
struct pf_rulequeue *old_rules;
u_int32_t old_rcount;
PF_ASSERT_LOCKED();
rs = pf_find_ruleset(anchor);
if (rs == NULL || !rs->rules.inactive.open ||
version != rs->rules.inactive.version)
@ -2105,8 +2107,7 @@ pfioctl(dev_t dev, u_long cmd, caddr_t addr, int flags, struct proc *p)
NET_LOCK();
PF_LOCK();
if (pl->index < 0 || pl->index >= PF_LIMIT_MAX ||
pf_pool_limits[pl->index].pp == NULL) {
if (pl->index < 0 || pl->index >= PF_LIMIT_MAX) {
error = EINVAL;
PF_UNLOCK();
NET_UNLOCK();
@ -2151,13 +2152,11 @@ pfioctl(dev_t dev, u_long cmd, caddr_t addr, int flags, struct proc *p)
struct pf_ruleset *ruleset;
struct pf_anchor *anchor;
NET_LOCK();
PF_LOCK();
pr->path[sizeof(pr->path) - 1] = '\0';
if ((ruleset = pf_find_ruleset(pr->path)) == NULL) {
error = EINVAL;
PF_UNLOCK();
NET_UNLOCK();
goto fail;
}
pr->nr = 0;
@ -2172,7 +2171,6 @@ pfioctl(dev_t dev, u_long cmd, caddr_t addr, int flags, struct proc *p)
pr->nr++;
}
PF_UNLOCK();
NET_UNLOCK();
break;
}
@ -2182,13 +2180,11 @@ pfioctl(dev_t dev, u_long cmd, caddr_t addr, int flags, struct proc *p)
struct pf_anchor *anchor;
u_int32_t nr = 0;
NET_LOCK();
PF_LOCK();
pr->path[sizeof(pr->path) - 1] = '\0';
if ((ruleset = pf_find_ruleset(pr->path)) == NULL) {
error = EINVAL;
PF_UNLOCK();
NET_UNLOCK();
goto fail;
}
pr->name[0] = '\0';
@ -2210,7 +2206,6 @@ pfioctl(dev_t dev, u_long cmd, caddr_t addr, int flags, struct proc *p)
}
}
PF_UNLOCK();
NET_UNLOCK();
if (!pr->name[0])
error = EBUSY;
break;
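Review bot: The limit check in pfioctl() no longer rejects a slot whose `pf_pool_limits[pl->index].pp` is NULL, and `pl->index` comes from the ioctl argument. The code that uses the entry after this check is outside the hunk; if it dereferences `.pp`, the change relies on every slot below PF_LIMIT_MAX being initialised before this ioctl can be reached. If that invariant holds, state it where the check used to be, for example `KASSERT(pf_pool_limits[pl->index].pp != NULL);` right after the range test, so a limit added later without a pool is caught by a named assertion rather than by a NULL dereference in the kernel.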


@ -1,4 +1,4 @@
/* $OpenBSD: pf_lb.c,v 1.73 2023/01/04 10:31:55 dlg Exp $ */
/* $OpenBSD: pf_lb.c,v 1.74 2023/05/10 22:42:51 sashan Exp $ */
/*
* Copyright (c) 2001 Daniel Hartmeier
@ -196,18 +196,24 @@ pf_get_sport(struct pf_pdesc *pd, struct pf_rule *r,
/* XXX bug: icmp states dont use the id on both
* XXX sides (traceroute -I through nat) */
key.port[sidx] = pd->nsport;
key.hash = pf_pkt_hash(key.af, key.proto, &key.addr[0],
&key.addr[1], key.port[0], key.port[1]);
if (pf_find_state_all(&key, dir, NULL) == NULL) {
*nport = pd->nsport;
return (0);
}
} else if (low == 0 && high == 0) {
key.port[sidx] = pd->nsport;
key.hash = pf_pkt_hash(key.af, key.proto, &key.addr[0],
&key.addr[1], key.port[0], key.port[1]);
if (pf_find_state_all(&key, dir, NULL) == NULL) {
*nport = pd->nsport;
return (0);
}
} else if (low == high) {
key.port[sidx] = htons(low);
key.hash = pf_pkt_hash(key.af, key.proto, &key.addr[0],
&key.addr[1], key.port[0], key.port[1]);
if (pf_find_state_all(&key, dir, NULL) == NULL) {
*nport = htons(low);
return (0);
@ -225,6 +231,9 @@ pf_get_sport(struct pf_pdesc *pd, struct pf_rule *r,
/* low <= cut <= high */
for (tmp = cut; tmp <= high && tmp <= 0xffff; ++tmp) {
key.port[sidx] = htons(tmp);
key.hash = pf_pkt_hash(key.af, key.proto,
&key.addr[0], &key.addr[1], key.port[0],
key.port[1]);
if (pf_find_state_all(&key, dir, NULL) ==
NULL && !in_baddynamic(tmp, pd->proto)) {
*nport = htons(tmp);
@ -234,6 +243,9 @@ pf_get_sport(struct pf_pdesc *pd, struct pf_rule *r,
tmp = cut;
for (tmp -= 1; tmp >= low && tmp <= 0xffff; --tmp) {
key.port[sidx] = htons(tmp);
key.hash = pf_pkt_hash(key.af, key.proto,
&key.addr[0], &key.addr[1], key.port[0],
key.port[1]);
if (pf_find_state_all(&key, dir, NULL) ==
NULL && !in_baddynamic(tmp, pd->proto)) {
*nport = htons(tmp);
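Review bot: The `key.hash = pf_pkt_hash(...)` recomputation is pasted after each of the five `key.port[sidx] = ...` assignments in pf_get_sport(), so the port and the hash drift apart as soon as someone adds another assignment without it. A small static helper that takes the key, `sidx` and the port, stores the port and refreshes `key.hash` in one place would remove that hazard. Presumably pf_find_state_all() relies on the hash, in which case a stale value means a missed state lookup and a source port handed out twice. pf_get_sport() starts and ends outside these hunks.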


@ -1,4 +1,4 @@
/* $OpenBSD: pf_norm.c,v 1.226 2022/11/06 18:05:05 dlg Exp $ */
/* $OpenBSD: pf_norm.c,v 1.227 2023/05/07 16:23:23 bluhm Exp $ */
/*
* Copyright 2001 Niels Provos <provos@citi.umich.edu>
@ -954,7 +954,7 @@ pf_refragment6(struct mbuf **m0, struct m_tag *mtag, struct sockaddr_in6 *dst,
struct ifnet *ifp, struct rtentry *rt)
{
struct mbuf *m = *m0;
struct mbuf_list fml;
struct mbuf_list ml;
struct pf_fragment_tag *ftag = (struct pf_fragment_tag *)(mtag + 1);
u_int32_t mtu;
u_int16_t hdrlen, extoff, maxlen;
@ -997,14 +997,14 @@ pf_refragment6(struct mbuf **m0, struct m_tag *mtag, struct sockaddr_in6 *dst,
* we drop the packet.
*/
mtu = hdrlen + sizeof(struct ip6_frag) + maxlen;
error = ip6_fragment(m, &fml, hdrlen, proto, mtu);
error = ip6_fragment(m, &ml, hdrlen, proto, mtu);
*m0 = NULL; /* ip6_fragment() has consumed original packet. */
if (error) {
DPFPRINTF(LOG_NOTICE, "refragment error %d", error);
return (PF_DROP);
}
while ((m = ml_dequeue(&fml)) != NULL) {
while ((m = ml_dequeue(&ml)) != NULL) {
m->m_pkthdr.pf.flags |= PF_TAG_REFRAGMENTED;
if (ifp == NULL) {
ip6_forward(m, NULL, 0);


@ -1,4 +1,4 @@
/* $OpenBSD: pf_osfp.c,v 1.45 2020/12/15 15:23:48 sashan Exp $ */
/* $OpenBSD: pf_osfp.c,v 1.46 2023/05/07 12:45:21 kn Exp $ */
/*
* Copyright (c) 2003 Mike Frantzen <frantzen@w4g.org>
@ -60,10 +60,9 @@ typedef struct pool pool_t;
#define pool_put(pool, item) free(item)
#define pool_init(pool, size, a, ao, f, m, p) (*(pool)) = (size)
#define NET_LOCK()
#define NET_UNLOCK()
#define PF_LOCK()
#define PF_UNLOCK()
#define PF_ASSERT_LOCKED()
#ifdef PFDEBUG
#include <sys/stdarg.h> /* for DPFPRINTF() */
@ -71,16 +70,21 @@ typedef struct pool pool_t;
#endif /* _KERNEL */
SLIST_HEAD(pf_osfp_list, pf_os_fingerprint) pf_osfp_list;
pool_t pf_osfp_entry_pl;
pool_t pf_osfp_pl;
/*
* Protection/ownership:
* I immutable after pf_osfp_initialize()
* p pf_lock
*/
struct pf_os_fingerprint *pf_osfp_find(struct pf_osfp_list *,
struct pf_os_fingerprint *, u_int8_t);
struct pf_os_fingerprint *pf_osfp_find_exact(struct pf_osfp_list *,
struct pf_os_fingerprint *);
void pf_osfp_insert(struct pf_osfp_list *,
struct pf_os_fingerprint *);
SLIST_HEAD(pf_osfp_list, pf_os_fingerprint) pf_osfp_list =
SLIST_HEAD_INITIALIZER(pf_osfp_list); /* [p] */
pool_t pf_osfp_entry_pl; /* [I] */
pool_t pf_osfp_pl; /* [I] */
struct pf_os_fingerprint *pf_osfp_find(struct pf_os_fingerprint *,
u_int8_t);
struct pf_os_fingerprint *pf_osfp_find_exact(struct pf_os_fingerprint *);
void pf_osfp_insert(struct pf_os_fingerprint *);
#ifdef _KERNEL
@ -257,8 +261,7 @@ pf_osfp_fingerprint_hdr(const struct ip *ip, const struct ip6_hdr *ip6,
(fp.fp_flags & PF_OSFP_WSCALE_DC) ? "*" : "",
fp.fp_wscale);
if ((fpresult = pf_osfp_find(&pf_osfp_list, &fp,
PF_OSFP_MAXTTL_OFFSET)))
if ((fpresult = pf_osfp_find(&fp, PF_OSFP_MAXTTL_OFFSET)))
return (&fpresult->fp_oses);
return (NULL);
}
@ -302,7 +305,6 @@ pf_osfp_initialize(void)
IPL_NONE, PR_WAITOK, "pfosfpen", NULL);
pool_init(&pf_osfp_pl, sizeof(struct pf_os_fingerprint), 0,
IPL_NONE, PR_WAITOK, "pfosfp", NULL);
SLIST_INIT(&pf_osfp_list);
}
/* Flush the fingerprint list */
@ -312,7 +314,6 @@ pf_osfp_flush(void)
struct pf_os_fingerprint *fp;
struct pf_osfp_entry *entry;
NET_LOCK();
PF_LOCK();
while ((fp = SLIST_FIRST(&pf_osfp_list))) {
SLIST_REMOVE_HEAD(&pf_osfp_list, fp_next);
@ -323,7 +324,6 @@ pf_osfp_flush(void)
pool_put(&pf_osfp_pl, fp);
}
PF_UNLOCK();
NET_UNLOCK();
}
@ -379,14 +379,12 @@ pf_osfp_add(struct pf_osfp_ioctl *fpioc)
return (ENOMEM);
}
NET_LOCK();
PF_LOCK();
if ((fp = pf_osfp_find_exact(&pf_osfp_list, &fpadd))) {
if ((fp = pf_osfp_find_exact(&fpadd))) {
struct pf_osfp_entry *tentry;
SLIST_FOREACH(tentry, &fp->fp_oses, fp_entry) {
if (PF_OSFP_ENTRY_EQ(tentry, &fpioc->fp_os)) {
NET_UNLOCK();
PF_UNLOCK();
pool_put(&pf_osfp_entry_pl, entry);
pool_put(&pf_osfp_pl, fp_prealloc);
@ -405,7 +403,7 @@ pf_osfp_add(struct pf_osfp_ioctl *fpioc)
fp->fp_wscale = fpioc->fp_wscale;
fp->fp_ttl = fpioc->fp_ttl;
SLIST_INIT(&fp->fp_oses);
pf_osfp_insert(&pf_osfp_list, fp);
pf_osfp_insert(fp);
}
memcpy(entry, &fpioc->fp_os, sizeof(*entry));
@ -416,7 +414,6 @@ pf_osfp_add(struct pf_osfp_ioctl *fpioc)
SLIST_INSERT_HEAD(&fp->fp_oses, entry, fp_entry);
PF_UNLOCK();
NET_UNLOCK();
#ifdef PFDEBUG
if ((fp = pf_osfp_validate()))
@ -433,11 +430,12 @@ pf_osfp_add(struct pf_osfp_ioctl *fpioc)
/* Find a fingerprint in the list */
struct pf_os_fingerprint *
pf_osfp_find(struct pf_osfp_list *list, struct pf_os_fingerprint *find,
u_int8_t ttldiff)
pf_osfp_find(struct pf_os_fingerprint *find, u_int8_t ttldiff)
{
struct pf_os_fingerprint *f;
PF_ASSERT_LOCKED();
#define MATCH_INT(_MOD, _DC, _field) \
if ((f->fp_flags & _DC) == 0) { \
if ((f->fp_flags & _MOD) == 0) { \
@ -449,7 +447,7 @@ pf_osfp_find(struct pf_osfp_list *list, struct pf_os_fingerprint *find,
} \
}
SLIST_FOREACH(f, list, fp_next) {
SLIST_FOREACH(f, &pf_osfp_list, fp_next) {
if (f->fp_tcpopts != find->fp_tcpopts ||
f->fp_optcnt != find->fp_optcnt ||
f->fp_ttl < find->fp_ttl ||
@ -507,11 +505,13 @@ pf_osfp_find(struct pf_osfp_list *list, struct pf_os_fingerprint *find,
/* Find an exact fingerprint in the list */
struct pf_os_fingerprint *
pf_osfp_find_exact(struct pf_osfp_list *list, struct pf_os_fingerprint *find)
pf_osfp_find_exact(struct pf_os_fingerprint *find)
{
struct pf_os_fingerprint *f;
SLIST_FOREACH(f, list, fp_next) {
PF_ASSERT_LOCKED();
SLIST_FOREACH(f, &pf_osfp_list, fp_next) {
if (f->fp_tcpopts == find->fp_tcpopts &&
f->fp_wsize == find->fp_wsize &&
f->fp_psize == find->fp_psize &&
@ -528,18 +528,20 @@ pf_osfp_find_exact(struct pf_osfp_list *list, struct pf_os_fingerprint *find)
/* Insert a fingerprint into the list */
void
pf_osfp_insert(struct pf_osfp_list *list, struct pf_os_fingerprint *ins)
pf_osfp_insert(struct pf_os_fingerprint *ins)
{
struct pf_os_fingerprint *f, *prev = NULL;
PF_ASSERT_LOCKED();
/* XXX need to go semi tree based. can key on tcp options */
SLIST_FOREACH(f, list, fp_next)
SLIST_FOREACH(f, &pf_osfp_list, fp_next)
prev = f;
if (prev)
SLIST_INSERT_AFTER(prev, ins, fp_next);
else
SLIST_INSERT_HEAD(list, ins, fp_next);
SLIST_INSERT_HEAD(&pf_osfp_list, ins, fp_next);
}
/* Fill a fingerprint by its number (from an ioctl) */
@ -551,9 +553,7 @@ pf_osfp_get(struct pf_osfp_ioctl *fpioc)
int num = fpioc->fp_getnum;
int i = 0;
memset(fpioc, 0, sizeof(*fpioc));
NET_LOCK();
PF_LOCK();
SLIST_FOREACH(fp, &pf_osfp_list, fp_next) {
SLIST_FOREACH(entry, &fp->fp_oses, fp_entry) {
@ -568,13 +568,11 @@ pf_osfp_get(struct pf_osfp_ioctl *fpioc)
memcpy(&fpioc->fp_os, entry,
sizeof(fpioc->fp_os));
PF_UNLOCK();
NET_UNLOCK();
return (0);
}
}
}
PF_UNLOCK();
NET_UNLOCK();
return (EBUSY);
}
@ -586,6 +584,8 @@ pf_osfp_validate(void)
{
struct pf_os_fingerprint *f, *f2, find;
PF_ASSERT_LOCKED();
SLIST_FOREACH(f, &pf_osfp_list, fp_next) {
memcpy(&find, f, sizeof(find));
@ -598,7 +598,7 @@ pf_osfp_validate(void)
find.fp_wsize *= (find.fp_mss + 40);
else if (f->fp_flags & PF_OSFP_WSIZE_MOD)
find.fp_wsize *= 2;
if (f != (f2 = pf_osfp_find(&pf_osfp_list, &find, 0))) {
if (f != (f2 = pf_osfp_find(&find, 0))) {
if (f2)
DPFPRINTF(LOG_NOTICE,
"Found \"%s %s %s\" instead of "

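Review bot: In pf_osfp_add() the PFDEBUG block calls pf_osfp_validate() right after `PF_UNLOCK();`, while this commit adds `PF_ASSERT_LOCKED();` to pf_osfp_validate() and to the pf_osfp_find() it calls. In a kernel built with PFDEBUG that call would therefore walk pf_osfp_list without pf_lock and trip the new assertion, assuming nothing between those two hunk lines retakes the lock. Moving `PF_UNLOCK();` below the `#ifdef PFDEBUG` block (its `#endif` is outside the hunk) keeps the validation walk under the lock. The rest of pf_osfp_add() lies outside the hunks shown.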

@ -1,4 +1,4 @@
/* $OpenBSD: pfvar_priv.h,v 1.31 2023/04/28 14:08:38 sashan Exp $ */
/* $OpenBSD: pfvar_priv.h,v 1.33 2023/05/10 22:42:51 sashan Exp $ */
/*
* Copyright (c) 2001 Daniel Hartmeier
@ -135,7 +135,6 @@ RBT_PROTOTYPE(pf_state_tree_id, pf_state, entry_id, pf_state_compare_id);
extern struct pf_state_tree_id tree_id;
/*
*
* states are linked into a global list to support the following
* functionality:
*
@ -148,7 +147,7 @@ extern struct pf_state_tree_id tree_id;
* been successfully added to the various trees that make up the state
* table. states are only removed from the pf_state_list by the garbage
* collection process.
*
* the pf_state_list head and tail pointers (ie, the pfs_list TAILQ_HEAD
* structure) and the pointers between the entries on the pf_state_list
* are locked separately. at a high level, this allows for insertion
@ -406,6 +405,9 @@ void pf_state_peer_hton(const struct pf_state_peer *,
struct pfsync_state_peer *);
void pf_state_peer_ntoh(const struct pfsync_state_peer *,
struct pf_state_peer *);
u_int16_t pf_pkt_hash(sa_family_t, uint8_t,
const struct pf_addr *, const struct pf_addr *,
uint16_t, uint16_t);
#endif /* _KERNEL */