Add bpf_filter_ext() to use with BPF COP, restore bpf_filter() as it was originally to preserve compatibility. Similarly, add bpf_validate_ext() which takes bpf_ctx_t.diff -r1.11 -r1.12 src/sys/external/bsd/ipf/netinet/fil.c
(rmind)
--- src/sys/external/bsd/ipf/netinet/fil.c 2013/09/12 20:03:10 1.11
+++ src/sys/external/bsd/ipf/netinet/fil.c 2013/09/18 23:34:55 1.12
@@ -1,14 +1,14 @@ | @@ -1,14 +1,14 @@ | |||
1 | /* $NetBSD: fil.c,v 1.11 2013/09/12 20:03:10 martin Exp $ */ | 1 | /* $NetBSD: fil.c,v 1.12 2013/09/18 23:34:55 rmind Exp $ */ | |
2 | 2 | |||
3 | /* | 3 | /* | |
4 | * Copyright (C) 2012 by Darren Reed. | 4 | * Copyright (C) 2012 by Darren Reed. | |
5 | * | 5 | * | |
6 | * See the IPFILTER.LICENCE file for details on licencing. | 6 | * See the IPFILTER.LICENCE file for details on licencing. | |
7 | * | 7 | * | |
8 | * Id: fil.c,v 1.1.1.2 2012/07/22 13:45:07 darrenr Exp $ | 8 | * Id: fil.c,v 1.1.1.2 2012/07/22 13:45:07 darrenr Exp $ | |
9 | * | 9 | * | |
10 | */ | 10 | */ | |
11 | #if defined(KERNEL) || defined(_KERNEL) | 11 | #if defined(KERNEL) || defined(_KERNEL) | |
12 | # undef KERNEL | 12 | # undef KERNEL | |
13 | # undef _KERNEL | 13 | # undef _KERNEL | |
14 | # define KERNEL 1 | 14 | # define KERNEL 1 | |
@@ -128,27 +128,27 @@ struct file; | @@ -128,27 +128,27 @@ struct file; | |||
128 | #if defined(__NetBSD__) && (__NetBSD_Version__ >= 104230000) | 128 | #if defined(__NetBSD__) && (__NetBSD_Version__ >= 104230000) | |
129 | # include <sys/callout.h> | 129 | # include <sys/callout.h> | |
130 | extern struct callout ipf_slowtimer_ch; | 130 | extern struct callout ipf_slowtimer_ch; | |
131 | #endif | 131 | #endif | |
132 | #if defined(__OpenBSD__) | 132 | #if defined(__OpenBSD__) | |
133 | # include <sys/timeout.h> | 133 | # include <sys/timeout.h> | |
134 | extern struct timeout ipf_slowtimer_ch; | 134 | extern struct timeout ipf_slowtimer_ch; | |
135 | #endif | 135 | #endif | |
136 | /* END OF INCLUDES */ | 136 | /* END OF INCLUDES */ | |
137 | 137 | |||
138 | #if !defined(lint) | 138 | #if !defined(lint) | |
139 | #if defined(__NetBSD__) | 139 | #if defined(__NetBSD__) | |
140 | #include <sys/cdefs.h> | 140 | #include <sys/cdefs.h> | |
141 | __KERNEL_RCSID(0, "$NetBSD: fil.c,v 1.11 2013/09/12 20:03:10 martin Exp $"); | 141 | __KERNEL_RCSID(0, "$NetBSD: fil.c,v 1.12 2013/09/18 23:34:55 rmind Exp $"); | |
142 | #else | 142 | #else | |
143 | static const char sccsid[] = "@(#)fil.c 1.36 6/5/96 (C) 1993-2000 Darren Reed"; | 143 | static const char sccsid[] = "@(#)fil.c 1.36 6/5/96 (C) 1993-2000 Darren Reed"; | |
144 | static const char rcsid[] = "@(#)Id: fil.c,v 1.1.1.2 2012/07/22 13:45:07 darrenr Exp $"; | 144 | static const char rcsid[] = "@(#)Id: fil.c,v 1.1.1.2 2012/07/22 13:45:07 darrenr Exp $"; | |
145 | #endif | 145 | #endif | |
146 | #endif | 146 | #endif | |
147 | 147 | |||
148 | #ifndef _KERNEL | 148 | #ifndef _KERNEL | |
149 | # include "ipf.h" | 149 | # include "ipf.h" | |
150 | # include "ipt.h" | 150 | # include "ipt.h" | |
151 | extern int opts; | 151 | extern int opts; | |
152 | extern int blockreason; | 152 | extern int blockreason; | |
153 | #endif /* _KERNEL */ | 153 | #endif /* _KERNEL */ | |
154 | 154 | |||
@@ -2395,34 +2395,28 @@ ipf_scanlist(fr_info_t *fin, u_32_t pass | @@ -2395,34 +2395,28 @@ ipf_scanlist(fr_info_t *fin, u_32_t pass | |||
2395 | #if defined(IPFILTER_BPF) | 2395 | #if defined(IPFILTER_BPF) | |
2396 | case FR_T_BPFOPC : | 2396 | case FR_T_BPFOPC : | |
2397 | case FR_T_BPFOPC_BUILTIN : | 2397 | case FR_T_BPFOPC_BUILTIN : | |
2398 | { | 2398 | { | |
2399 | u_char *mc; | 2399 | u_char *mc; | |
2400 | int wlen; | 2400 | int wlen; | |
2401 | 2401 | |||
2402 | if (*fin->fin_mp == NULL) | 2402 | if (*fin->fin_mp == NULL) | |
2403 | continue; | 2403 | continue; | |
2404 | if (fin->fin_family != fr->fr_family) | 2404 | if (fin->fin_family != fr->fr_family) | |
2405 | continue; | 2405 | continue; | |
2406 | mc = (u_char *)fin->fin_m; | 2406 | mc = (u_char *)fin->fin_m; | |
2407 | wlen = fin->fin_dlen + fin->fin_hlen; | 2407 | wlen = fin->fin_dlen + fin->fin_hlen; | |
2408 | #if defined(__NetBSD__) | |||
2409 | if (!bpf_filter(bpf_def_ctx, NULL, | |||
2410 | fr->fr_data, mc, wlen, 0)) | |||
2411 | continue; | |||
2412 | #else | |||
2413 | if (!bpf_filter(fr->fr_data, mc, wlen, 0)) | 2408 | if (!bpf_filter(fr->fr_data, mc, wlen, 0)) | |
2414 | continue; | 2409 | continue; | |
2415 | #endif | |||
2416 | break; | 2410 | break; | |
2417 | } | 2411 | } | |
2418 | #endif | 2412 | #endif | |
2419 | case FR_T_CALLFUNC_BUILTIN : | 2413 | case FR_T_CALLFUNC_BUILTIN : | |
2420 | { | 2414 | { | |
2421 | frentry_t *f; | 2415 | frentry_t *f; | |
2422 | 2416 | |||
2423 | f = (*fr->fr_func)(fin, &pass); | 2417 | f = (*fr->fr_func)(fin, &pass); | |
2424 | if (f != NULL) | 2418 | if (f != NULL) | |
2425 | fr = f; | 2419 | fr = f; | |
2426 | else | 2420 | else | |
2427 | continue; | 2421 | continue; | |
2428 | break; | 2422 | break; |
--- src/sys/net/bpf.c 2013/09/09 20:53:51 1.176
+++ src/sys/net/bpf.c 2013/09/18 23:34:55 1.177
@@ -1,14 +1,14 @@ | @@ -1,14 +1,14 @@ | |||
1 | /* $NetBSD: bpf.c,v 1.176 2013/09/09 20:53:51 christos Exp $ */ | 1 | /* $NetBSD: bpf.c,v 1.177 2013/09/18 23:34:55 rmind Exp $ */ | |
2 | 2 | |||
3 | /* | 3 | /* | |
4 | * Copyright (c) 1990, 1991, 1993 | 4 | * Copyright (c) 1990, 1991, 1993 | |
5 | * The Regents of the University of California. All rights reserved. | 5 | * The Regents of the University of California. All rights reserved. | |
6 | * | 6 | * | |
7 | * This code is derived from the Stanford/CMU enet packet filter, | 7 | * This code is derived from the Stanford/CMU enet packet filter, | |
8 | * (net/enet.c) distributed as part of 4.3BSD, and code contributed | 8 | * (net/enet.c) distributed as part of 4.3BSD, and code contributed | |
9 | * to Berkeley by Steven McCanne and Van Jacobson both of Lawrence | 9 | * to Berkeley by Steven McCanne and Van Jacobson both of Lawrence | |
10 | * Berkeley Laboratory. | 10 | * Berkeley Laboratory. | |
11 | * | 11 | * | |
12 | * Redistribution and use in source and binary forms, with or without | 12 | * Redistribution and use in source and binary forms, with or without | |
13 | * modification, are permitted provided that the following conditions | 13 | * modification, are permitted provided that the following conditions | |
14 | * are met: | 14 | * are met: | |
@@ -29,27 +29,27 @@ | @@ -29,27 +29,27 @@ | |||
29 | * DAMAGES (INCLUDING, BUT NOT LIMITED TO, PROCUREMENT OF SUBSTITUTE GOODS | 29 | * DAMAGES (INCLUDING, BUT NOT LIMITED TO, PROCUREMENT OF SUBSTITUTE GOODS | |
30 | * OR SERVICES; LOSS OF USE, DATA, OR PROFITS; OR BUSINESS INTERRUPTION) | 30 | * OR SERVICES; LOSS OF USE, DATA, OR PROFITS; OR BUSINESS INTERRUPTION) | |
31 | * HOWEVER CAUSED AND ON ANY THEORY OF LIABILITY, WHETHER IN CONTRACT, STRICT | 31 | * HOWEVER CAUSED AND ON ANY THEORY OF LIABILITY, WHETHER IN CONTRACT, STRICT | |
32 | * LIABILITY, OR TORT (INCLUDING NEGLIGENCE OR OTHERWISE) ARISING IN ANY WAY | 32 | * LIABILITY, OR TORT (INCLUDING NEGLIGENCE OR OTHERWISE) ARISING IN ANY WAY | |
33 | * OUT OF THE USE OF THIS SOFTWARE, EVEN IF ADVISED OF THE POSSIBILITY OF | 33 | * OUT OF THE USE OF THIS SOFTWARE, EVEN IF ADVISED OF THE POSSIBILITY OF | |
34 | * SUCH DAMAGE. | 34 | * SUCH DAMAGE. | |
35 | * | 35 | * | |
36 | * @(#)bpf.c 8.4 (Berkeley) 1/9/95 | 36 | * @(#)bpf.c 8.4 (Berkeley) 1/9/95 | |
37 | * static char rcsid[] = | 37 | * static char rcsid[] = | |
38 | * "Header: bpf.c,v 1.67 96/09/26 22:00:52 leres Exp "; | 38 | * "Header: bpf.c,v 1.67 96/09/26 22:00:52 leres Exp "; | |
39 | */ | 39 | */ | |
40 | 40 | |||
41 | #include <sys/cdefs.h> | 41 | #include <sys/cdefs.h> | |
42 | __KERNEL_RCSID(0, "$NetBSD: bpf.c,v 1.176 2013/09/09 20:53:51 christos Exp $"); | 42 | __KERNEL_RCSID(0, "$NetBSD: bpf.c,v 1.177 2013/09/18 23:34:55 rmind Exp $"); | |
43 | 43 | |||
44 | #if defined(_KERNEL_OPT) | 44 | #if defined(_KERNEL_OPT) | |
45 | #include "opt_bpf.h" | 45 | #include "opt_bpf.h" | |
46 | #include "sl.h" | 46 | #include "sl.h" | |
47 | #include "strip.h" | 47 | #include "strip.h" | |
48 | #endif | 48 | #endif | |
49 | 49 | |||
50 | #include <sys/param.h> | 50 | #include <sys/param.h> | |
51 | #include <sys/systm.h> | 51 | #include <sys/systm.h> | |
52 | #include <sys/mbuf.h> | 52 | #include <sys/mbuf.h> | |
53 | #include <sys/buf.h> | 53 | #include <sys/buf.h> | |
54 | #include <sys/time.h> | 54 | #include <sys/time.h> | |
55 | #include <sys/proc.h> | 55 | #include <sys/proc.h> | |
@@ -1372,28 +1372,27 @@ bpf_deliver(struct bpf_if *bp, void *(*c | @@ -1372,28 +1372,27 @@ bpf_deliver(struct bpf_if *bp, void *(*c | |||
1372 | */ | 1372 | */ | |
1373 | for (d = bp->bif_dlist; d != NULL; d = d->bd_next) { | 1373 | for (d = bp->bif_dlist; d != NULL; d = d->bd_next) { | |
1374 | u_int slen; | 1374 | u_int slen; | |
1375 | 1375 | |||
1376 | if (!d->bd_seesent && !rcv) { | 1376 | if (!d->bd_seesent && !rcv) { | |
1377 | continue; | 1377 | continue; | |
1378 | } | 1378 | } | |
1379 | d->bd_rcount++; | 1379 | d->bd_rcount++; | |
1380 | bpf_gstats.bs_recv++; | 1380 | bpf_gstats.bs_recv++; | |
1381 | 1381 | |||
1382 | if (d->bd_jitcode != NULL) | 1382 | if (d->bd_jitcode != NULL) | |
1383 | slen = d->bd_jitcode(pkt, pktlen, buflen); | 1383 | slen = d->bd_jitcode(pkt, pktlen, buflen); | |
1384 | else | 1384 | else | |
1385 | slen = bpf_filter(bpf_def_ctx, NULL, d->bd_filter, | 1385 | slen = bpf_filter(d->bd_filter, pkt, pktlen, buflen); | |
1386 | pkt, pktlen, buflen); | |||
1387 | 1386 | |||
1388 | if (!slen) { | 1387 | if (!slen) { | |
1389 | continue; | 1388 | continue; | |
1390 | } | 1389 | } | |
1391 | if (!gottime) { | 1390 | if (!gottime) { | |
1392 | gottime = true; | 1391 | gottime = true; | |
1393 | nanotime(&ts); | 1392 | nanotime(&ts); | |
1394 | } | 1393 | } | |
1395 | catchpacket(d, pkt, pktlen, slen, cpfn, &ts); | 1394 | catchpacket(d, pkt, pktlen, slen, cpfn, &ts); | |
1396 | } | 1395 | } | |
1397 | } | 1396 | } | |
1398 | 1397 | |||
1399 | /* | 1398 | /* |
--- src/sys/net/bpf.h 2013/08/30 15:00:08 1.61
+++ src/sys/net/bpf.h 2013/09/18 23:34:55 1.62
@@ -1,14 +1,14 @@ | @@ -1,14 +1,14 @@ | |||
1 | /* $NetBSD: bpf.h,v 1.61 2013/08/30 15:00:08 rmind Exp $ */ | 1 | /* $NetBSD: bpf.h,v 1.62 2013/09/18 23:34:55 rmind Exp $ */ | |
2 | 2 | |||
3 | /* | 3 | /* | |
4 | * Copyright (c) 1990, 1991, 1993 | 4 | * Copyright (c) 1990, 1991, 1993 | |
5 | * The Regents of the University of California. All rights reserved. | 5 | * The Regents of the University of California. All rights reserved. | |
6 | * | 6 | * | |
7 | * This code is derived from the Stanford/CMU enet packet filter, | 7 | * This code is derived from the Stanford/CMU enet packet filter, | |
8 | * (net/enet.c) distributed as part of 4.3BSD, and code contributed | 8 | * (net/enet.c) distributed as part of 4.3BSD, and code contributed | |
9 | * to Berkeley by Steven McCanne and Van Jacobson both of Lawrence | 9 | * to Berkeley by Steven McCanne and Van Jacobson both of Lawrence | |
10 | * Berkeley Laboratory. | 10 | * Berkeley Laboratory. | |
11 | * | 11 | * | |
12 | * Redistribution and use in source and binary forms, with or without | 12 | * Redistribution and use in source and binary forms, with or without | |
13 | * modification, are permitted provided that the following conditions | 13 | * modification, are permitted provided that the following conditions | |
14 | * are met: | 14 | * are met: | |
@@ -374,38 +374,35 @@ bpf_mtap_sl_out(struct ifnet *_ifp, u_ch | @@ -374,38 +374,35 @@ bpf_mtap_sl_out(struct ifnet *_ifp, u_ch | |||
374 | 374 | |||
375 | 375 | |||
376 | void bpf_setops(void); | 376 | void bpf_setops(void); | |
377 | 377 | |||
378 | void bpf_ops_handover_enter(struct bpf_ops *); | 378 | void bpf_ops_handover_enter(struct bpf_ops *); | |
379 | void bpf_ops_handover_exit(void); | 379 | void bpf_ops_handover_exit(void); | |
380 | 380 | |||
381 | void bpfilterattach(int); | 381 | void bpfilterattach(int); | |
382 | 382 | |||
383 | struct bpf_ctx; | 383 | struct bpf_ctx; | |
384 | typedef struct bpf_ctx bpf_ctx_t; | 384 | typedef struct bpf_ctx bpf_ctx_t; | |
385 | typedef uint32_t (*bpf_copfunc_t)(const struct mbuf *, void *, | 385 | typedef uint32_t (*bpf_copfunc_t)(const struct mbuf *, void *, | |
386 | uint32_t, uint32_t *); | 386 | uint32_t, uint32_t *); | |
387 | extern bpf_ctx_t *bpf_def_ctx; | |||
388 | 387 | |||
389 | bpf_ctx_t *bpf_create(void); | 388 | bpf_ctx_t *bpf_create(void); | |
390 | void bpf_destroy(bpf_ctx_t *); | 389 | void bpf_destroy(bpf_ctx_t *); | |
391 | 390 | |||
392 | int bpf_set_cop(bpf_ctx_t *, const bpf_copfunc_t *, size_t); | 391 | int bpf_set_cop(bpf_ctx_t *, const bpf_copfunc_t *, size_t); | |
393 | u_int bpf_filter(bpf_ctx_t *, void *, const struct bpf_insn *, | 392 | u_int bpf_filter_ext(bpf_ctx_t *, void *, const struct bpf_insn *, | |
394 | const u_char *, u_int, u_int); | 393 | const u_char *, u_int, u_int); | |
395 | int bpf_validate(const struct bpf_insn *, int); | 394 | int bpf_validate_ext(bpf_ctx_t *, const struct bpf_insn *, int); | |
396 | 395 | |||
397 | #else | 396 | #endif | |
398 | 397 | |||
399 | int bpf_validate(const struct bpf_insn *, int); | 398 | int bpf_validate(const struct bpf_insn *, int); | |
400 | u_int bpf_filter(const struct bpf_insn *, const u_char *, u_int, u_int); | 399 | u_int bpf_filter(const struct bpf_insn *, const u_char *, u_int, u_int); | |
401 | 400 | |||
402 | #endif | |||
403 | ||||
404 | __END_DECLS | 401 | __END_DECLS | |
405 | 402 | |||
406 | /* | 403 | /* | |
407 | * Number of scratch memory words (for BPF_LD|BPF_MEM and BPF_ST). | 404 | * Number of scratch memory words (for BPF_LD|BPF_MEM and BPF_ST). | |
408 | */ | 405 | */ | |
409 | #define BPF_MEMWORDS 16 | 406 | #define BPF_MEMWORDS 16 | |
410 | 407 | |||
411 | #endif /* !_NET_BPF_H_ */ | 408 | #endif /* !_NET_BPF_H_ */ |
--- src/sys/net/bpf_filter.c 2013/08/30 15:00:08 1.57
+++ src/sys/net/bpf_filter.c 2013/09/18 23:34:55 1.58
@@ -1,14 +1,14 @@ | @@ -1,14 +1,14 @@ | |||
1 | /* $NetBSD: bpf_filter.c,v 1.57 2013/08/30 15:00:08 rmind Exp $ */ | 1 | /* $NetBSD: bpf_filter.c,v 1.58 2013/09/18 23:34:55 rmind Exp $ */ | |
2 | 2 | |||
3 | /*- | 3 | /*- | |
4 | * Copyright (c) 1990, 1991, 1992, 1993, 1994, 1995, 1996, 1997 | 4 | * Copyright (c) 1990, 1991, 1992, 1993, 1994, 1995, 1996, 1997 | |
5 | * The Regents of the University of California. All rights reserved. | 5 | * The Regents of the University of California. All rights reserved. | |
6 | * | 6 | * | |
7 | * This code is derived from the Stanford/CMU enet packet filter, | 7 | * This code is derived from the Stanford/CMU enet packet filter, | |
8 | * (net/enet.c) distributed as part of 4.3BSD, and code contributed | 8 | * (net/enet.c) distributed as part of 4.3BSD, and code contributed | |
9 | * to Berkeley by Steven McCanne and Van Jacobson both of Lawrence | 9 | * to Berkeley by Steven McCanne and Van Jacobson both of Lawrence | |
10 | * Berkeley Laboratory. | 10 | * Berkeley Laboratory. | |
11 | * | 11 | * | |
12 | * Redistribution and use in source and binary forms, with or without | 12 | * Redistribution and use in source and binary forms, with or without | |
13 | * modification, are permitted provided that the following conditions | 13 | * modification, are permitted provided that the following conditions | |
14 | * are met: | 14 | * are met: | |
@@ -27,52 +27,51 @@ | @@ -27,52 +27,51 @@ | |||
27 | * ARE DISCLAIMED. IN NO EVENT SHALL THE REGENTS OR CONTRIBUTORS BE LIABLE | 27 | * ARE DISCLAIMED. IN NO EVENT SHALL THE REGENTS OR CONTRIBUTORS BE LIABLE | |
28 | * FOR ANY DIRECT, INDIRECT, INCIDENTAL, SPECIAL, EXEMPLARY, OR CONSEQUENTIAL | 28 | * FOR ANY DIRECT, INDIRECT, INCIDENTAL, SPECIAL, EXEMPLARY, OR CONSEQUENTIAL | |
29 | * DAMAGES (INCLUDING, BUT NOT LIMITED TO, PROCUREMENT OF SUBSTITUTE GOODS | 29 | * DAMAGES (INCLUDING, BUT NOT LIMITED TO, PROCUREMENT OF SUBSTITUTE GOODS | |
30 | * OR SERVICES; LOSS OF USE, DATA, OR PROFITS; OR BUSINESS INTERRUPTION) | 30 | * OR SERVICES; LOSS OF USE, DATA, OR PROFITS; OR BUSINESS INTERRUPTION) | |
31 | * HOWEVER CAUSED AND ON ANY THEORY OF LIABILITY, WHETHER IN CONTRACT, STRICT | 31 | * HOWEVER CAUSED AND ON ANY THEORY OF LIABILITY, WHETHER IN CONTRACT, STRICT | |
32 | * LIABILITY, OR TORT (INCLUDING NEGLIGENCE OR OTHERWISE) ARISING IN ANY WAY | 32 | * LIABILITY, OR TORT (INCLUDING NEGLIGENCE OR OTHERWISE) ARISING IN ANY WAY | |
33 | * OUT OF THE USE OF THIS SOFTWARE, EVEN IF ADVISED OF THE POSSIBILITY OF | 33 | * OUT OF THE USE OF THIS SOFTWARE, EVEN IF ADVISED OF THE POSSIBILITY OF | |
34 | * SUCH DAMAGE. | 34 | * SUCH DAMAGE. | |
35 | * | 35 | * | |
36 | * @(#)bpf_filter.c 8.1 (Berkeley) 6/10/93 | 36 | * @(#)bpf_filter.c 8.1 (Berkeley) 6/10/93 | |
37 | */ | 37 | */ | |
38 | 38 | |||
39 | #include <sys/cdefs.h> | 39 | #include <sys/cdefs.h> | |
40 | __KERNEL_RCSID(0, "$NetBSD: bpf_filter.c,v 1.57 2013/08/30 15:00:08 rmind Exp $"); | 40 | __KERNEL_RCSID(0, "$NetBSD: bpf_filter.c,v 1.58 2013/09/18 23:34:55 rmind Exp $"); | |
41 | 41 | |||
42 | #if 0 | 42 | #if 0 | |
43 | #if !(defined(lint) || defined(KERNEL)) | 43 | #if !(defined(lint) || defined(KERNEL)) | |
44 | static const char rcsid[] = | 44 | static const char rcsid[] = | |
45 | "@(#) Header: bpf_filter.c,v 1.33 97/04/26 13:37:18 leres Exp (LBL)"; | 45 | "@(#) Header: bpf_filter.c,v 1.33 97/04/26 13:37:18 leres Exp (LBL)"; | |
46 | #endif | 46 | #endif | |
47 | #endif | 47 | #endif | |
48 | 48 | |||
49 | #include <sys/param.h> | 49 | #include <sys/param.h> | |
50 | #include <sys/time.h> | 50 | #include <sys/time.h> | |
51 | #include <sys/kmem.h> | 51 | #include <sys/kmem.h> | |
52 | #include <sys/endian.h> | 52 | #include <sys/endian.h> | |
53 | 53 | |||
54 | #include <net/bpf.h> | 54 | #include <net/bpf.h> | |
55 | 55 | |||
56 | #ifdef _KERNEL | 56 | #ifdef _KERNEL | |
57 | 57 | |||
58 | struct bpf_ctx { | 58 | struct bpf_ctx { | |
59 | const bpf_copfunc_t * copfuncs; | 59 | const bpf_copfunc_t * copfuncs; | |
60 | size_t nfuncs; | 60 | size_t nfuncs; | |
61 | }; | 61 | }; | |
62 | 62 | |||
63 | /* Default BPF context (zeroed). */ | 63 | /* Default BPF context (zeroed). */ | |
64 | static bpf_ctx_t bpf_def_ctx1; | 64 | static bpf_ctx_t bpf_def_ctx; | |
65 | bpf_ctx_t * bpf_def_ctx = &bpf_def_ctx1; | |||
66 | 65 | |||
67 | bpf_ctx_t * | 66 | bpf_ctx_t * | |
68 | bpf_create(void) | 67 | bpf_create(void) | |
69 | { | 68 | { | |
70 | return kmem_zalloc(sizeof(bpf_ctx_t), KM_SLEEP); | 69 | return kmem_zalloc(sizeof(bpf_ctx_t), KM_SLEEP); | |
71 | } | 70 | } | |
72 | 71 | |||
73 | void | 72 | void | |
74 | bpf_destroy(bpf_ctx_t *bc) | 73 | bpf_destroy(bpf_ctx_t *bc) | |
75 | { | 74 | { | |
76 | kmem_free(bc, sizeof(bpf_ctx_t)); | 75 | kmem_free(bc, sizeof(bpf_ctx_t)); | |
77 | } | 76 | } | |
78 | 77 | |||
@@ -169,28 +168,36 @@ m_xbyte(const struct mbuf *m, uint32_t k | @@ -169,28 +168,36 @@ m_xbyte(const struct mbuf *m, uint32_t k | |||
169 | } | 168 | } | |
170 | #else /* _KERNEL */ | 169 | #else /* _KERNEL */ | |
171 | #include <stdlib.h> | 170 | #include <stdlib.h> | |
172 | #endif /* !_KERNEL */ | 171 | #endif /* !_KERNEL */ | |
173 | 172 | |||
174 | #include <net/bpf.h> | 173 | #include <net/bpf.h> | |
175 | 174 | |||
176 | /* | 175 | /* | |
177 | * Execute the filter program starting at pc on the packet p | 176 | * Execute the filter program starting at pc on the packet p | |
178 | * wirelen is the length of the original packet | 177 | * wirelen is the length of the original packet | |
179 | * buflen is the amount of data present | 178 | * buflen is the amount of data present | |
180 | */ | 179 | */ | |
181 | #ifdef _KERNEL | 180 | #ifdef _KERNEL | |
181 | ||||
182 | u_int | 182 | u_int | |
183 | bpf_filter(bpf_ctx_t *bc, void *arg, const struct bpf_insn *pc, | 183 | bpf_filter(const struct bpf_insn *pc, const u_char *p, u_int wirelen, | |
184 | u_int buflen) | |||
185 | { | |||
186 | return bpf_filter_ext(&bpf_def_ctx, NULL, pc, p, wirelen, buflen); | |||
187 | } | |||
188 | ||||
189 | u_int | |||
190 | bpf_filter_ext(bpf_ctx_t *bc, void *arg, const struct bpf_insn *pc, | |||
184 | const u_char *p, u_int wirelen, u_int buflen) | 191 | const u_char *p, u_int wirelen, u_int buflen) | |
185 | #else | 192 | #else | |
186 | u_int | 193 | u_int | |
187 | bpf_filter(const struct bpf_insn *pc, const u_char *p, u_int wirelen, | 194 | bpf_filter(const struct bpf_insn *pc, const u_char *p, u_int wirelen, | |
188 | u_int buflen) | 195 | u_int buflen) | |
189 | #endif | 196 | #endif | |
190 | { | 197 | { | |
191 | uint32_t A, X, k; | 198 | uint32_t A, X, k; | |
192 | uint32_t mem[BPF_MEMWORDS]; | 199 | uint32_t mem[BPF_MEMWORDS]; | |
193 | 200 | |||
194 | #ifdef _KERNEL | 201 | #ifdef _KERNEL | |
195 | KASSERT(bc != NULL); | 202 | KASSERT(bc != NULL); | |
196 | #endif | 203 | #endif | |
@@ -537,29 +544,41 @@ bpf_filter(const struct bpf_insn *pc, co | @@ -537,29 +544,41 @@ bpf_filter(const struct bpf_insn *pc, co | |||
537 | /* | 544 | /* | |
538 | * Return true if the 'fcode' is a valid filter program. | 545 | * Return true if the 'fcode' is a valid filter program. | |
539 | * The constraints are that each jump be forward and to a valid | 546 | * The constraints are that each jump be forward and to a valid | |
540 | * code, that memory accesses are within valid ranges (to the | 547 | * code, that memory accesses are within valid ranges (to the | |
541 | * extent that this can be checked statically; loads of packet | 548 | * extent that this can be checked statically; loads of packet | |
542 | * data have to be, and are, also checked at run time), and that | 549 | * data have to be, and are, also checked at run time), and that | |
543 | * the code terminates with either an accept or reject. | 550 | * the code terminates with either an accept or reject. | |
544 | * | 551 | * | |
545 | * The kernel needs to be able to verify an application's filter code. | 552 | * The kernel needs to be able to verify an application's filter code. | |
546 | * Otherwise, a bogus program could easily crash the system. | 553 | * Otherwise, a bogus program could easily crash the system. | |
547 | */ | 554 | */ | |
548 | __CTASSERT(BPF_MEMWORDS == sizeof(uint16_t) * NBBY); | 555 | __CTASSERT(BPF_MEMWORDS == sizeof(uint16_t) * NBBY); | |
549 | 556 | |||
557 | #if defined(KERNEL) || defined(_KERNEL) | |||
558 | ||||
550 | int | 559 | int | |
551 | bpf_validate(const struct bpf_insn *f, int signed_len) | 560 | bpf_validate(const struct bpf_insn *f, int signed_len) | |
552 | { | 561 | { | |
562 | return bpf_validate_ext(&bpf_def_ctx, f, signed_len); | |||
563 | } | |||
564 | ||||
565 | int | |||
566 | bpf_validate_ext(bpf_ctx_t *bc, const struct bpf_insn *f, int signed_len) | |||
567 | #else | |||
568 | int | |||
569 | bpf_validate(const struct bpf_insn *f, int signed_len) | |||
570 | #endif | |||
571 | { | |||
553 | u_int i, from, len, ok = 0; | 572 | u_int i, from, len, ok = 0; | |
554 | const struct bpf_insn *p; | 573 | const struct bpf_insn *p; | |
555 | #if defined(KERNEL) || defined(_KERNEL) | 574 | #if defined(KERNEL) || defined(_KERNEL) | |
556 | uint16_t *mem, invalid; | 575 | uint16_t *mem, invalid; | |
557 | size_t size; | 576 | size_t size; | |
558 | #endif | 577 | #endif | |
559 | 578 | |||
560 | len = (u_int)signed_len; | 579 | len = (u_int)signed_len; | |
561 | if (len < 1) | 580 | if (len < 1) | |
562 | return 0; | 581 | return 0; | |
563 | #if defined(KERNEL) || defined(_KERNEL) | 582 | #if defined(KERNEL) || defined(_KERNEL) | |
564 | if (len > BPF_MAXINSNS) | 583 | if (len > BPF_MAXINSNS) | |
565 | return 0; | 584 | return 0; |
--- src/sys/net/if_ppp.c 2013/08/30 15:00:08 1.140
+++ src/sys/net/if_ppp.c 2013/09/18 23:34:55 1.141
@@ -1,14 +1,14 @@ | @@ -1,14 +1,14 @@ | |||
1 | /* $NetBSD: if_ppp.c,v 1.140 2013/08/30 15:00:08 rmind Exp $ */ | 1 | /* $NetBSD: if_ppp.c,v 1.141 2013/09/18 23:34:55 rmind Exp $ */ | |
2 | /* Id: if_ppp.c,v 1.6 1997/03/04 03:33:00 paulus Exp */ | 2 | /* Id: if_ppp.c,v 1.6 1997/03/04 03:33:00 paulus Exp */ | |
3 | 3 | |||
4 | /* | 4 | /* | |
5 | * if_ppp.c - Point-to-Point Protocol (PPP) Asynchronous driver. | 5 | * if_ppp.c - Point-to-Point Protocol (PPP) Asynchronous driver. | |
6 | * | 6 | * | |
7 | * Copyright (c) 1984-2000 Carnegie Mellon University. All rights reserved. | 7 | * Copyright (c) 1984-2000 Carnegie Mellon University. All rights reserved. | |
8 | * | 8 | * | |
9 | * Redistribution and use in source and binary forms, with or without | 9 | * Redistribution and use in source and binary forms, with or without | |
10 | * modification, are permitted provided that the following conditions | 10 | * modification, are permitted provided that the following conditions | |
11 | * are met: | 11 | * are met: | |
12 | * | 12 | * | |
13 | * 1. Redistributions of source code must retain the above copyright | 13 | * 1. Redistributions of source code must retain the above copyright | |
14 | * notice, this list of conditions and the following disclaimer. | 14 | * notice, this list of conditions and the following disclaimer. | |
@@ -92,27 +92,27 @@ | @@ -92,27 +92,27 @@ | |||
92 | /* from NetBSD: if_ppp.c,v 1.15.2.2 1994/07/28 05:17:58 cgd Exp */ | 92 | /* from NetBSD: if_ppp.c,v 1.15.2.2 1994/07/28 05:17:58 cgd Exp */ | |
93 | 93 | |||
94 | /* | 94 | /* | |
95 | * XXX IMP ME HARDER | 95 | * XXX IMP ME HARDER | |
96 | * | 96 | * | |
97 | * This is an explanation of that comment. This code used to use | 97 | * This is an explanation of that comment. This code used to use | |
98 | * splimp() to block both network and tty interrupts. However, | 98 | * splimp() to block both network and tty interrupts. However, | |
99 | * that call is deprecated. So, we have replaced the uses of | 99 | * that call is deprecated. So, we have replaced the uses of | |
100 | * splimp() with splhigh() in order to applomplish what it needs | 100 | * splimp() with splhigh() in order to applomplish what it needs | |
101 | * to accomplish, and added that happy little comment. | 101 | * to accomplish, and added that happy little comment. | |
102 | */ | 102 | */ | |
103 | 103 | |||
104 | #include <sys/cdefs.h> | 104 | #include <sys/cdefs.h> | |
105 | __KERNEL_RCSID(0, "$NetBSD: if_ppp.c,v 1.140 2013/08/30 15:00:08 rmind Exp $"); | 105 | __KERNEL_RCSID(0, "$NetBSD: if_ppp.c,v 1.141 2013/09/18 23:34:55 rmind Exp $"); | |
106 | 106 | |||
107 | #include "ppp.h" | 107 | #include "ppp.h" | |
108 | 108 | |||
109 | #include "opt_inet.h" | 109 | #include "opt_inet.h" | |
110 | #include "opt_gateway.h" | 110 | #include "opt_gateway.h" | |
111 | #include "opt_ppp.h" | 111 | #include "opt_ppp.h" | |
112 | 112 | |||
113 | #ifdef INET | 113 | #ifdef INET | |
114 | #define VJC | 114 | #define VJC | |
115 | #endif | 115 | #endif | |
116 | #define PPP_COMPRESS | 116 | #define PPP_COMPRESS | |
117 | 117 | |||
118 | #include <sys/param.h> | 118 | #include <sys/param.h> | |
@@ -936,37 +936,37 @@ pppoutput(struct ifnet *ifp, struct mbuf | @@ -936,37 +936,37 @@ pppoutput(struct ifnet *ifp, struct mbuf | |||
936 | 936 | |||
937 | if (sc->sc_flags & SC_LOG_OUTPKT) { | 937 | if (sc->sc_flags & SC_LOG_OUTPKT) { | |
938 | printf("%s output: ", ifp->if_xname); | 938 | printf("%s output: ", ifp->if_xname); | |
939 | pppdumpm(m0); | 939 | pppdumpm(m0); | |
940 | } | 940 | } | |
941 | 941 | |||
942 | if ((protocol & 0x8000) == 0) { | 942 | if ((protocol & 0x8000) == 0) { | |
943 | #ifdef PPP_FILTER | 943 | #ifdef PPP_FILTER | |
944 | /* | 944 | /* | |
945 | * Apply the pass and active filters to the packet, | 945 | * Apply the pass and active filters to the packet, | |
946 | * but only if it is a data packet. | 946 | * but only if it is a data packet. | |
947 | */ | 947 | */ | |
948 | if (sc->sc_pass_filt_out.bf_insns != 0 | 948 | if (sc->sc_pass_filt_out.bf_insns != 0 | |
949 | && bpf_filter(bpf_def_ctx, NULL, sc->sc_pass_filt_out.bf_insns, | 949 | && bpf_filter(sc->sc_pass_filt_out.bf_insns, | |
950 | (u_char *)m0, len, 0) == 0) { | 950 | (u_char *)m0, len, 0) == 0) { | |
951 | error = 0; /* drop this packet */ | 951 | error = 0; /* drop this packet */ | |
952 | goto bad; | 952 | goto bad; | |
953 | } | 953 | } | |
954 | 954 | |||
955 | /* | 955 | /* | |
956 | * Update the time we sent the most recent packet. | 956 | * Update the time we sent the most recent packet. | |
957 | */ | 957 | */ | |
958 | if (sc->sc_active_filt_out.bf_insns == 0 | 958 | if (sc->sc_active_filt_out.bf_insns == 0 | |
959 | || bpf_filter(bpf_def_ctx, NULL, sc->sc_active_filt_out.bf_insns, | 959 | || bpf_filter(sc->sc_active_filt_out.bf_insns, | |
960 | (u_char *)m0, len, 0)) | 960 | (u_char *)m0, len, 0)) | |
961 | sc->sc_last_sent = time_second; | 961 | sc->sc_last_sent = time_second; | |
962 | #else | 962 | #else | |
963 | /* | 963 | /* | |
964 | * Update the time we sent the most recent packet. | 964 | * Update the time we sent the most recent packet. | |
965 | */ | 965 | */ | |
966 | sc->sc_last_sent = time_second; | 966 | sc->sc_last_sent = time_second; | |
967 | #endif /* PPP_FILTER */ | 967 | #endif /* PPP_FILTER */ | |
968 | } | 968 | } | |
969 | 969 | |||
970 | /* | 970 | /* | |
971 | * See if bpf wants to look at the packet. | 971 | * See if bpf wants to look at the packet. | |
972 | */ | 972 | */ | |
@@ -1574,34 +1574,34 @@ ppp_inproc(struct ppp_softc *sc, struct | @@ -1574,34 +1574,34 @@ ppp_inproc(struct ppp_softc *sc, struct | |||
1574 | m->m_len = ilen; | 1574 | m->m_len = ilen; | |
1575 | } | 1575 | } | |
1576 | } | 1576 | } | |
1577 | m->m_pkthdr.len = ilen; | 1577 | m->m_pkthdr.len = ilen; | |
1578 | m->m_pkthdr.rcvif = ifp; | 1578 | m->m_pkthdr.rcvif = ifp; | |
1579 | 1579 | |||
1580 | if ((proto & 0x8000) == 0) { | 1580 | if ((proto & 0x8000) == 0) { | |
1581 | #ifdef PPP_FILTER | 1581 | #ifdef PPP_FILTER | |
1582 | /* | 1582 | /* | |
1583 | * See whether we want to pass this packet, and | 1583 | * See whether we want to pass this packet, and | |
1584 | * if it counts as link activity. | 1584 | * if it counts as link activity. | |
1585 | */ | 1585 | */ | |
1586 | if (sc->sc_pass_filt_in.bf_insns != 0 | 1586 | if (sc->sc_pass_filt_in.bf_insns != 0 | |
1587 | && bpf_filter(bpf_def_ctx, NULL, sc->sc_pass_filt_in.bf_insns, | 1587 | && bpf_filter(sc->sc_pass_filt_in.bf_insns, | |
1588 | (u_char *)m, ilen, 0) == 0) { | 1588 | (u_char *)m, ilen, 0) == 0) { | |
1589 | /* drop this packet */ | 1589 | /* drop this packet */ | |
1590 | m_freem(m); | 1590 | m_freem(m); | |
1591 | return; | 1591 | return; | |
1592 | } | 1592 | } | |
1593 | if (sc->sc_active_filt_in.bf_insns == 0 | 1593 | if (sc->sc_active_filt_in.bf_insns == 0 | |
1594 | || bpf_filter(bpf_def_ctx, NULL, sc->sc_active_filt_in.bf_insns, | 1594 | || bpf_filter(sc->sc_active_filt_in.bf_insns, | |
1595 | (u_char *)m, ilen, 0)) | 1595 | (u_char *)m, ilen, 0)) | |
1596 | sc->sc_last_recv = time_second; | 1596 | sc->sc_last_recv = time_second; | |
1597 | #else | 1597 | #else | |
1598 | /* | 1598 | /* | |
1599 | * Record the time that we received this packet. | 1599 | * Record the time that we received this packet. | |
1600 | */ | 1600 | */ | |
1601 | sc->sc_last_recv = time_second; | 1601 | sc->sc_last_recv = time_second; | |
1602 | #endif /* PPP_FILTER */ | 1602 | #endif /* PPP_FILTER */ | |
1603 | } | 1603 | } | |
1604 | 1604 | |||
1605 | /* See if bpf wants to look at the packet. */ | 1605 | /* See if bpf wants to look at the packet. */ | |
1606 | bpf_mtap(&sc->sc_if, m); | 1606 | bpf_mtap(&sc->sc_if, m); | |
1607 | 1607 |
--- src/sys/net/npf/npf_ruleset.c 2013/08/30 15:00:08 1.22
+++ src/sys/net/npf/npf_ruleset.c 2013/09/18 23:34:55 1.23
@@ -1,14 +1,14 @@ | @@ -1,14 +1,14 @@ | |||
1 | /* $NetBSD: npf_ruleset.c,v 1.22 2013/08/30 15:00:08 rmind Exp $ */ | 1 | /* $NetBSD: npf_ruleset.c,v 1.23 2013/09/18 23:34:55 rmind Exp $ */ | |
2 | 2 | |||
3 | /*- | 3 | /*- | |
4 | * Copyright (c) 2009-2013 The NetBSD Foundation, Inc. | 4 | * Copyright (c) 2009-2013 The NetBSD Foundation, Inc. | |
5 | * All rights reserved. | 5 | * All rights reserved. | |
6 | * | 6 | * | |
7 | * This material is based upon work partially supported by The | 7 | * This material is based upon work partially supported by The | |
8 | * NetBSD Foundation under a contract with Mindaugas Rasiukevicius. | 8 | * NetBSD Foundation under a contract with Mindaugas Rasiukevicius. | |
9 | * | 9 | * | |
10 | * Redistribution and use in source and binary forms, with or without | 10 | * Redistribution and use in source and binary forms, with or without | |
11 | * modification, are permitted provided that the following conditions | 11 | * modification, are permitted provided that the following conditions | |
12 | * are met: | 12 | * are met: | |
13 | * 1. Redistributions of source code must retain the above copyright | 13 | * 1. Redistributions of source code must retain the above copyright | |
14 | * notice, this list of conditions and the following disclaimer. | 14 | * notice, this list of conditions and the following disclaimer. | |
@@ -24,27 +24,27 @@ | @@ -24,27 +24,27 @@ | |||
24 | * CONSEQUENTIAL DAMAGES (INCLUDING, BUT NOT LIMITED TO, PROCUREMENT OF | 24 | * CONSEQUENTIAL DAMAGES (INCLUDING, BUT NOT LIMITED TO, PROCUREMENT OF | |
25 | * SUBSTITUTE GOODS OR SERVICES; LOSS OF USE, DATA, OR PROFITS; OR BUSINESS | 25 | * SUBSTITUTE GOODS OR SERVICES; LOSS OF USE, DATA, OR PROFITS; OR BUSINESS | |
26 | * INTERRUPTION) HOWEVER CAUSED AND ON ANY THEORY OF LIABILITY, WHETHER IN | 26 | * INTERRUPTION) HOWEVER CAUSED AND ON ANY THEORY OF LIABILITY, WHETHER IN | |
27 | * CONTRACT, STRICT LIABILITY, OR TORT (INCLUDING NEGLIGENCE OR OTHERWISE) | 27 | * CONTRACT, STRICT LIABILITY, OR TORT (INCLUDING NEGLIGENCE OR OTHERWISE) | |
28 | * ARISING IN ANY WAY OUT OF THE USE OF THIS SOFTWARE, EVEN IF ADVISED OF THE | 28 | * ARISING IN ANY WAY OUT OF THE USE OF THIS SOFTWARE, EVEN IF ADVISED OF THE | |
29 | * POSSIBILITY OF SUCH DAMAGE. | 29 | * POSSIBILITY OF SUCH DAMAGE. | |
30 | */ | 30 | */ | |
31 | 31 | |||
32 | /* | 32 | /* | |
33 | * NPF ruleset module. | 33 | * NPF ruleset module. | |
34 | */ | 34 | */ | |
35 | 35 | |||
36 | #include <sys/cdefs.h> | 36 | #include <sys/cdefs.h> | |
37 | __KERNEL_RCSID(0, "$NetBSD: npf_ruleset.c,v 1.22 2013/08/30 15:00:08 rmind Exp $"); | 37 | __KERNEL_RCSID(0, "$NetBSD: npf_ruleset.c,v 1.23 2013/09/18 23:34:55 rmind Exp $"); | |
38 | 38 | |||
39 | #include <sys/param.h> | 39 | #include <sys/param.h> | |
40 | #include <sys/types.h> | 40 | #include <sys/types.h> | |
41 | 41 | |||
42 | #include <sys/atomic.h> | 42 | #include <sys/atomic.h> | |
43 | #include <sys/kmem.h> | 43 | #include <sys/kmem.h> | |
44 | #include <sys/queue.h> | 44 | #include <sys/queue.h> | |
45 | #include <sys/mbuf.h> | 45 | #include <sys/mbuf.h> | |
46 | #include <sys/types.h> | 46 | #include <sys/types.h> | |
47 | 47 | |||
48 | #include <net/bpf.h> | 48 | #include <net/bpf.h> | |
49 | #include <net/bpfjit.h> | 49 | #include <net/bpfjit.h> | |
50 | #include <net/pfil.h> | 50 | #include <net/pfil.h> | |
@@ -671,28 +671,27 @@ npf_rule_inspect(npf_cache_t *npc, nbuf_ | @@ -671,28 +671,27 @@ npf_rule_inspect(npf_cache_t *npc, nbuf_ | |||
671 | } | 671 | } | |
672 | 672 | |||
673 | /* Execute the byte-code, if any. */ | 673 | /* Execute the byte-code, if any. */ | |
674 | if ((code = rl->r_code) == NULL) { | 674 | if ((code = rl->r_code) == NULL) { | |
675 | return true; | 675 | return true; | |
676 | } | 676 | } | |
677 | 677 | |||
678 | switch (rl->r_type) { | 678 | switch (rl->r_type) { | |
679 | case NPF_CODE_NC: | 679 | case NPF_CODE_NC: | |
680 | return npf_ncode_process(npc, code, nbuf, layer) == 0; | 680 | return npf_ncode_process(npc, code, nbuf, layer) == 0; | |
681 | case NPF_CODE_BPF: { | 681 | case NPF_CODE_BPF: { | |
682 | struct mbuf *m = nbuf_head_mbuf(nbuf); | 682 | struct mbuf *m = nbuf_head_mbuf(nbuf); | |
683 | size_t pktlen = m_length(m); | 683 | size_t pktlen = m_length(m); | |
684 | return bpf_filter(bpf_def_ctx, NULL, code, | 684 | return bpf_filter(code, (unsigned char *)m, pktlen, 0) != 0; | |
685 | (unsigned char *)m, pktlen, 0) != 0; | |||
686 | } | 685 | } | |
687 | default: | 686 | default: | |
688 | KASSERT(false); | 687 | KASSERT(false); | |
689 | } | 688 | } | |
690 | return false; | 689 | return false; | |
691 | } | 690 | } | |
692 | 691 | |||
693 | /* | 692 | /* | |
694 | * npf_rule_reinspect: re-inspect the dynamic rule by iterating its list. | 693 | * npf_rule_reinspect: re-inspect the dynamic rule by iterating its list. | |
695 | * This is only for the dynamic rules. Subrules cannot have nested rules. | 694 | * This is only for the dynamic rules. Subrules cannot have nested rules. | |
696 | */ | 695 | */ | |
697 | static npf_rule_t * | 696 | static npf_rule_t * | |
698 | npf_rule_reinspect(npf_cache_t *npc, nbuf_t *nbuf, const npf_rule_t *drl, | 697 | npf_rule_reinspect(npf_cache_t *npc, nbuf_t *nbuf, const npf_rule_t *drl, |