[src/trunk]: src/sys/external/bsd/ipf/netinet Disconnect maintaining fragment...

[christos <christos%NetBSD.org@localhost>]

details:   https://anonhg.NetBSD.org/src/rev/13b92af205f7
branches:  trunk
changeset: 823463:13b92af205f7
user:      christos <christos%NetBSD.org@localhost>
date:      Sun Apr 23 20:47:22 2017 +0000

description:
Disconnect maintaining fragment state from keeping session state. The user
now must specify keep frags along with keep state to have ipfilter do what
it did before, as documented in ipf.conf.5. (Cy Schubert @ FreeBSD)

diffstat:

 sys/external/bsd/ipf/netinet/fil.c      |  6 +++---
 sys/external/bsd/ipf/netinet/ip_state.c |  7 ++++---
 2 files changed, 7 insertions(+), 6 deletions(-)

diffs (55 lines):

diff -r 172490437d9a -r 13b92af205f7 sys/external/bsd/ipf/netinet/fil.c
--- a/sys/external/bsd/ipf/netinet/fil.c        Sun Apr 23 19:09:29 2017 +0000
+++ b/sys/external/bsd/ipf/netinet/fil.c        Sun Apr 23 20:47:22 2017 +0000
@@ -1,4 +1,4 @@
-/*     $NetBSD: fil.c,v 1.19 2016/08/05 09:06:52 christos Exp $        */
+/*     $NetBSD: fil.c,v 1.20 2017/04/23 20:47:22 christos Exp $        */
 
 /*
  * Copyright (C) 2012 by Darren Reed.
@@ -138,7 +138,7 @@
 #if !defined(lint)
 #if defined(__NetBSD__)
 #include <sys/cdefs.h>
-__KERNEL_RCSID(0, "$NetBSD: fil.c,v 1.19 2016/08/05 09:06:52 christos Exp $");
+__KERNEL_RCSID(0, "$NetBSD: fil.c,v 1.20 2017/04/23 20:47:22 christos Exp $");
 #else
 static const char sccsid[] = "@(#)fil.c        1.36 6/5/96 (C) 1993-2000 Darren Reed";
 static const char rcsid[] = "@(#)Id: fil.c,v 1.1.1.2 2012/07/22 13:45:07 darrenr Exp $";
@@ -2723,7 +2723,7 @@
         * If the rule has "keep frag" and the packet is actually a fragment,
         * then create a fragment state entry.
         */
-       if ((pass & (FR_KEEPFRAG|FR_KEEPSTATE)) == FR_KEEPFRAG) {
+       if (pass & FR_KEEPFRAG) {
                if (fin->fin_flx & FI_FRAG) {
                        if (ipf_frag_new(softc, fin, pass) == -1) {
                                LBUMP(ipf_stats[out].fr_bnfr);
diff -r 172490437d9a -r 13b92af205f7 sys/external/bsd/ipf/netinet/ip_state.c
--- a/sys/external/bsd/ipf/netinet/ip_state.c   Sun Apr 23 19:09:29 2017 +0000
+++ b/sys/external/bsd/ipf/netinet/ip_state.c   Sun Apr 23 20:47:22 2017 +0000
@@ -1,4 +1,4 @@
-/*     $NetBSD: ip_state.c,v 1.6 2013/09/14 12:16:11 martin Exp $      */
+/*     $NetBSD: ip_state.c,v 1.7 2017/04/23 20:47:22 christos Exp $    */
 
 /*
  * Copyright (C) 2012 by Darren Reed.
@@ -100,7 +100,7 @@
 #if !defined(lint)
 #if defined(__NetBSD__)
 #include <sys/cdefs.h>
-__KERNEL_RCSID(0, "$NetBSD: ip_state.c,v 1.6 2013/09/14 12:16:11 martin Exp $");
+__KERNEL_RCSID(0, "$NetBSD: ip_state.c,v 1.7 2017/04/23 20:47:22 christos Exp $");
 #else
 static const char sccsid[] = "@(#)ip_state.c   1.8 6/5/96 (C) 1993-2000 Darren Reed";
 static const char rcsid[] = "@(#)Id: ip_state.c,v 1.1.1.2 2012/07/22 13:45:37 darrenr Exp";
@@ -3341,7 +3341,8 @@
         * If this packet is a fragment and the rule says to track fragments,
         * then create a new fragment cache entry.
         */
-       if ((fin->fin_flx & FI_FRAG) && FR_ISPASS(is->is_pass))
+       if (fin->fin_flx & FI_FRAG && FR_ISPASS(is->is_pass) &&
+          is->is_pass & FR_KEEPFRAG)
                (void) ipf_frag_new(softc, fin, is->is_pass);
 
        /*