static errno_t vboxNetAdpDarwinDemux(ifnet_t pIface, mbuf_t pMBuf,
char *pFrameHeader,
protocol_family_t *pProtocolFamily)
{
PVBOXNETADP pThis = VBOXNETADP_FROM_IFACE(pIface);
Assert(pThis);
Log2(("vboxNetAdpDarwinDemux: mode=%d\n", pThis->u.s.nTapMode));
if (pThis->u.s.nTapMode & BPF_MODE_INPUT)
{
Log2(("vboxnetadp: in len=%d\n%.*Rhxd\n", mbuf_len(pMBuf), 14, pFrameHeader));
bpf_tap_in(pIface, DLT_EN10MB, pMBuf, pFrameHeader, ETHER_HDR_LEN);
}
return ether_demux(pIface, pMBuf, pFrameHeader, pProtocolFamily);
}
errno_t
utun_pkt_input (struct utun_pcb *pcb, mbuf_t m)
{
errno_t result;
protocol_family_t protocol = 0;
mbuf_pkthdr_setrcvif(m, pcb->utun_ifp);
if (m_pktlen(m) >= 4) {
protocol = *(u_int32_t *)mbuf_data(m);
bpf_tap_in(pcb->utun_ifp, DLT_NULL, m, 0, 0);
}
if (pcb->utun_flags & UTUN_FLAGS_NO_INPUT) {
/* flush data */
mbuf_freem(m);
return 0;
}
// quick exit for keepalive packets
if (protocol == AF_UTUN && pcb->utun_flags & UTUN_FLAGS_CRYPTO) {
if (utun_pkt_crypto_output(pcb, &m) == 0) {
return 0;
}
printf("%s: utun_pkt_crypto_output failed, flags %x\n", __FUNCTION__, pcb->utun_flags);
return EINVAL;
}
if (!pcb->utun_ext_ifdata_stats) {
struct ifnet_stat_increment_param incs;
bzero(&incs, sizeof(incs));
incs.packets_in = 1;
incs.bytes_in = mbuf_pkthdr_len(m);
result = ifnet_input(pcb->utun_ifp, m, &incs);
} else {
result = ifnet_input(pcb->utun_ifp, m, NULL);
}
if (result != 0) {
ifnet_stat_increment_in(pcb->utun_ifp, 0, 0, 1);
printf("%s - ifnet_input failed: %d\n", __FUNCTION__, result);
mbuf_freem(m);
}
return 0;
}
static errno_t
ipsec_proto_input(ifnet_t interface,
protocol_family_t protocol,
mbuf_t m,
__unused char *frame_header)
{
struct ip *ip;
uint32_t af = 0;
ip = mtod(m, struct ip *);
if (ip->ip_v == 4)
af = AF_INET;
else if (ip->ip_v == 6)
af = AF_INET6;
mbuf_pkthdr_setrcvif(m, interface);
bpf_tap_in(interface, DLT_NULL, m, &af, sizeof(af));
if (proto_input(protocol, m) != 0)
m_freem(m);
return 0;
}
static errno_t
utun_pkt_input (struct utun_pcb *pcb, mbuf_t m)
{
errno_t result;
protocol_family_t protocol = 0;
mbuf_pkthdr_setrcvif(m, pcb->utun_ifp);
if (m_pktlen(m) >= (int32_t)UTUN_HEADER_SIZE(pcb)) {
protocol = *(u_int32_t *)mbuf_data(m);
bpf_tap_in(pcb->utun_ifp, DLT_NULL, m, 0, 0);
}
if (pcb->utun_flags & UTUN_FLAGS_NO_INPUT) {
/* flush data */
mbuf_freem(m);
return 0;
}
if (!pcb->utun_ext_ifdata_stats) {
struct ifnet_stat_increment_param incs;
bzero(&incs, sizeof(incs));
incs.packets_in = 1;
incs.bytes_in = mbuf_pkthdr_len(m);
result = ifnet_input(pcb->utun_ifp, m, &incs);
} else {
result = ifnet_input(pcb->utun_ifp, m, NULL);
}
if (result != 0) {
ifnet_stat_increment_in(pcb->utun_ifp, 0, 0, 1);
printf("%s - ifnet_input failed: %d\n", __FUNCTION__, result);
mbuf_freem(m);
}
return 0;
}
int
pflog_packet(struct pfi_kif *kif, pbuf_t *pbuf, sa_family_t af, u_int8_t dir,
u_int8_t reason, struct pf_rule *rm, struct pf_rule *am,
struct pf_ruleset *ruleset, struct pf_pdesc *pd)
{
#if NBPFILTER > 0
struct ifnet *ifn;
struct pfloghdr hdr;
struct mbuf *m;
LCK_MTX_ASSERT(pf_lock, LCK_MTX_ASSERT_OWNED);
if (kif == NULL || !pbuf_is_valid(pbuf) || rm == NULL || pd == NULL)
return (-1);
if (rm->logif >= PFLOGIFS_MAX ||
(ifn = pflogifs[rm->logif]) == NULL || !ifn->if_bpf) {
return (0);
}
if ((m = pbuf_to_mbuf(pbuf, FALSE)) == NULL)
return (0);
bzero(&hdr, sizeof (hdr));
hdr.length = PFLOG_REAL_HDRLEN;
hdr.af = af;
hdr.action = rm->action;
hdr.reason = reason;
memcpy(hdr.ifname, kif->pfik_name, sizeof (hdr.ifname));
if (am == NULL) {
hdr.rulenr = htonl(rm->nr);
hdr.subrulenr = -1;
} else {
hdr.rulenr = htonl(am->nr);
hdr.subrulenr = htonl(rm->nr);
if (ruleset != NULL && ruleset->anchor != NULL)
strlcpy(hdr.ruleset, ruleset->anchor->name,
sizeof (hdr.ruleset));
}
if (rm->log & PF_LOG_SOCKET_LOOKUP && !pd->lookup.done)
pd->lookup.done = pf_socket_lookup(dir, pd);
if (pd->lookup.done > 0) {
hdr.uid = pd->lookup.uid;
hdr.pid = pd->lookup.pid;
} else {
hdr.uid = UID_MAX;
hdr.pid = NO_PID;
}
hdr.rule_uid = rm->cuid;
hdr.rule_pid = rm->cpid;
hdr.dir = dir;
#if INET
if (af == AF_INET && dir == PF_OUT) {
struct ip *ip;
ip = mtod(m, struct ip *);
ip->ip_sum = 0;
ip->ip_sum = in_cksum(m, ip->ip_hl << 2);
}
#endif /* INET */
atomic_add_64(&ifn->if_opackets, 1);
atomic_add_64(&ifn->if_obytes, m->m_pkthdr.len);
switch (dir) {
case PF_IN:
bpf_tap_in(ifn, DLT_PFLOG, m, &hdr, PFLOG_HDRLEN);
break;
case PF_OUT:
bpf_tap_out(ifn, DLT_PFLOG, m, &hdr, PFLOG_HDRLEN);
break;
default:
break;
}
#endif /* NBPFILTER > 0 */
return (0);
}