Source-Changes-HG archive
[src/netbsd-1-4]: src/sys/netinet Pull up revision 1.19 (requested by darrenr):
details: https://anonhg.NetBSD.org/src/rev/bef0da5d9c27
branches: netbsd-1-4
changeset: 469979:bef0da5d9c27
user: he <he%NetBSD.org@localhost>
date: Sat Jan 08 16:42:47 2000 +0000
description:
Pull up revision 1.19 (requested by darrenr):
Update IPF to version 3.3.6.
diffstat:
sys/netinet/ip_state.c | 54 +++++++++++++++++++++++++++++++------------------
1 files changed, 34 insertions(+), 20 deletions(-)
diffs (145 lines):
diff -r 2d8e61521de2 -r bef0da5d9c27 sys/netinet/ip_state.c
--- a/sys/netinet/ip_state.c Sat Jan 08 16:42:23 2000 +0000
+++ b/sys/netinet/ip_state.c Sat Jan 08 16:42:47 2000 +0000
@@ -1,4 +1,4 @@
-/* $NetBSD: ip_state.c,v 1.17.2.1 1999/12/20 21:07:26 he Exp $ */
+/* $NetBSD: ip_state.c,v 1.17.2.2 2000/01/08 16:42:47 he Exp $ */
/*
* Copyright (C) 1995-1998 by Darren Reed.
@@ -9,7 +9,7 @@
*/
#if !defined(lint)
#if defined(__NetBSD__)
-static const char rcsid[] = "$NetBSD: ip_state.c,v 1.17.2.1 1999/12/20 21:07:26 he Exp $";
+static const char rcsid[] = "$NetBSD: ip_state.c,v 1.17.2.2 2000/01/08 16:42:47 he Exp $";
#else
static const char sccsid[] = "@(#)ip_state.c 1.8 6/5/96 (C) 1993-1995 Darren Reed";
static const char rcsid[] = "@(#)Id: ip_state.c,v 2.3.2.14 1999/11/30 13:46:05 darrenr Exp";
@@ -229,6 +229,14 @@
} else
error = EINVAL;
break;
+#ifdef IPFILTER_LOG
+ case SIOCIPFFB :
+ if (!(mode & FWRITE))
+ error = EPERM;
+ else
+ *(int *)data = ipflog_clear(IPL_LOGSTATE);
+ break;
+#endif
case SIOCGIPST :
IWCOPY((caddr_t)fr_statetstats(), data, sizeof(ips_stat_t));
break;
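Review bot: The new SIOCIPFFB case stores its result with a direct `*(int *)data = ...`, while the neighbouring SIOCGIPST case goes through `IWCOPY`. If this file is built on a platform where `data` is still a user-space address at this point (not visible from the hunk), the direct store is an unchecked kernel write to a caller-supplied pointer. Keeping the copy-out consistent would avoid that: `int cleared = ipflog_clear(IPL_LOGSTATE);` followed by `IWCOPY((caddr_t)&cleared, data, sizeof(cleared));`. The FWRITE check before clearing the log is good to have; the enclosing switch starts and ends outside the hunk.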
@@ -658,12 +666,12 @@
struct icmp *ic;
u_short savelen;
fr_info_t ofin;
- u_int hv, dest;
tcphdr_t *tcp;
icmphdr_t *icmp;
frentry_t *fr;
ip_t *oip;
int type;
+ u_int hv;
/*
* Does it at least have the return (basic) IP header ?
@@ -697,8 +705,10 @@
* XXX theoretically ICMP_ECHOREP and the other reply's are
* ICMP query's as well, but adding them here seems strange XXX
*/
- if ((icmp->icmp_type != ICMP_ECHO) && (icmp->icmp_type != ICMP_TSTAMP) &&
- (icmp->icmp_type != ICMP_IREQ) && (icmp->icmp_type != ICMP_MASKREQ))
+ if ((icmp->icmp_type != ICMP_ECHO) &&
+ (icmp->icmp_type != ICMP_TSTAMP) &&
+ (icmp->icmp_type != ICMP_IREQ) &&
+ (icmp->icmp_type != ICMP_MASKREQ))
return NULL;
/*
@@ -708,8 +718,10 @@
hv = (pr = oip->ip_p);
hv += (src.s_addr = oip->ip_src.s_addr);
hv += (dst.s_addr = oip->ip_dst.s_addr);
- hv += icmp->icmp_id;
- hv += icmp->icmp_seq;
+ if (icmp->icmp_type == ICMP_ECHO) {
+ hv += icmp->icmp_id;
+ hv += icmp->icmp_seq;
+ }
hv %= fr_statesize;
oip->ip_len = ntohs(oip->ip_len);
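Review bot: The bucket hash now depends on the ICMP type, and nothing in the hunk shows that the state-insertion path computes it the same way; `icmp_id`/`icmp_seq` are added only for `ICMP_ECHO` here, and for `ICMP_ECHO` or `ICMP_ECHOREPLY` in the later hunk at -840/+851. If the code that adds entries to `ips_table` still hashes id and seq for every ICMP type, timestamp, info and mask-request state would land in a different bucket and never be found. A short comment at each site would help, for example `/* id/seq are hashed for echo only; must match the hash used when the state entry is added */`. The enclosing function starts and ends outside this hunk.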
@@ -718,30 +730,30 @@
ofin.fin_ifp = fin->fin_ifp;
ofin.fin_out = !fin->fin_out;
ofin.fin_mp = NULL; /* if dereferenced, panic XXX */
-
+
READ_ENTER(&ipf_state);
for (isp = &ips_table[hv]; (is = *isp); isp = &is->is_next)
if ((is->is_p == pr) &&
- (icmp->icmp_id == is->is_icmp.ics_id) &&
- (icmp->icmp_seq == is->is_icmp.ics_seq) &&
fr_matchsrcdst(is, src, dst, &ofin, NULL)) {
-
/*
* in the state table ICMP query's are stored
* with the type of the corresponding ICMP
* response. Correct here
*/
if (((is->is_type == ICMP_ECHOREPLY) &&
+ (icmp->icmp_id == is->is_icmp.ics_id) &&
+ (icmp->icmp_seq == is->is_icmp.ics_seq) &&
(icmp->icmp_type == ICMP_ECHO)) ||
- (is->is_type - 1 == ic->icmp_type )) {
+ (is->is_type - 1 == ic->icmp_type)) {
ips_stats.iss_hits++;
is->is_pkts++;
is->is_bytes += ip->ip_len;
- return is->is_rule;
+ fr = is->is_rule;
+ RWLOCK_EXIT(&ipf_state);
+ return fr;
}
}
RWLOCK_EXIT(&ipf_state);
-
return NULL;
};
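Review bot: The second alternative of the match, `(is->is_type - 1 == ic->icmp_type)`, now accepts an entry with no id/seq comparison at all, because this hunk moves those two tests inside the `ICMP_ECHOREPLY` alternative only. For timestamp, info and mask-request state, an ICMP error therefore matches on protocol and addresses alone, which is weaker validation than before and worth confirming as intended. That alternative also tests `ic` where the echo alternative tests `icmp`; the assignments are outside the hunk, but if `ic` is the enclosing error header and `icmp` the quoted query, the operand was probably meant to be `icmp->icmp_type`. The early return now releases `ipf_state` correctly, which the old code did not.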
@@ -792,7 +804,6 @@
* we must swap src and dst here because the icmp
* comes the other way around
*/
- dest = (is->is_dst.s_addr != src.s_addr);
is->is_pkts++;
is->is_bytes += ip->ip_len;
/*
@@ -840,17 +851,20 @@
switch (ip->ip_p)
{
case IPPROTO_ICMP :
- hv += ic->icmp_id;
- hv += ic->icmp_seq;
+ if ((ic->icmp_type == ICMP_ECHO) ||
+ (ic->icmp_type == ICMP_ECHOREPLY)) {
+ hv += ic->icmp_id;
+ hv += ic->icmp_seq;
+ }
hv %= fr_statesize;
READ_ENTER(&ipf_state);
for (isp = &ips_table[hv]; (is = *isp); isp = &is->is_next)
if ((is->is_p == pr) &&
- (ic->icmp_id == is->is_icmp.ics_id) &&
- (ic->icmp_seq == is->is_icmp.ics_seq) &&
fr_matchsrcdst(is, src, dst, fin, NULL)) {
if ((is->is_type == ICMP_ECHOREPLY) &&
- (ic->icmp_type == ICMP_ECHO))
+ (ic->icmp_type == ICMP_ECHO) &&
+ (ic->icmp_id == is->is_icmp.ics_id) &&
+ (ic->icmp_seq == is->is_icmp.ics_seq))
;
else if (is->is_type != ic->icmp_type)
continue;
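Review bot: An incoming `ICMP_ECHOREPLY` now matches a state entry without its id and seq being compared, since those tests were moved into the `ICMP_ECHO` branch and a reply falls through `else if (is->is_type != ic->icmp_type)` when the types are equal. The bucket hash still includes `icmp_id + icmp_seq`, so any reply whose id/seq sum collides modulo `fr_statesize` and whose addresses match is accepted, unless a check further down the loop body (outside this hunk) rejects it. Restoring the comparison for both echo types ahead of the type test would close that, e.g. `if (((ic->icmp_type == ICMP_ECHO) || (ic->icmp_type == ICMP_ECHOREPLY)) && ((ic->icmp_id != is->is_icmp.ics_id) || (ic->icmp_seq != is->is_icmp.ics_seq))) continue;`. The bare `;` as the body of the first `if` is also easy to misread and would be clearer as an inverted condition with `continue`.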