author | ru <ru@FreeBSD.org> | 1999-06-11 11:27:35 +0000 |
---|---|---|
committer | ru <ru@FreeBSD.org> | 1999-06-11 11:27:35 +0000 |
commit | b11f0f2989aecba9264d60642d050a356a15e086 (patch) | |
tree | 056f17797e8cbdaca3b42a0c073159854c13ccb0 | |
parent | cacd46046aaf15f05a1e557bd4132786e487df31 (diff) | |
Don't accept divert/tee/pipe rules without corresponding option.
PR: 10324
Reviewed by: luigi
-rw-r--r-- | sys/netinet/ip_fw.c | 14 |
1 files changed, 11 insertions, 3 deletions
diff --git a/sys/netinet/ip_fw.c b/sys/netinet/ip_fw.c
index 557dcf0..2375cac 100644
--- a/sys/netinet/ip_fw.c
+++ b/sys/netinet/ip_fw.c
@@ -12,7 +12,7 @@
 *
 * This software is provided ``AS IS'' without any warranties of any kind.
 *
- * $Id: ip_fw.c,v 1.111 1999/05/03 23:57:28 billf Exp $
+ * $Id: ip_fw.c,v 1.112 1999/05/24 10:01:15 luigi Exp $
 */
 
 /*
@@ -329,12 +329,14 @@ ipfw_report(struct ip_fw *f, struct ip *ip,
 case IP_FW_F_COUNT:
 printf("Count");
 break;
+#ifdef IPDIVERT
 case IP_FW_F_DIVERT:
 printf("Divert %d", f->fw_divert_port);
 break;
 case IP_FW_F_TEE:
 printf("Tee %d", f->fw_divert_port);
 break;
+#endif
 case IP_FW_F_SKIPTO:
 printf("SkipTo %d", f->fw_skipto_rule);
 break;
@@ -742,7 +744,6 @@ got_match:
 case IP_FW_F_DIVERT:
 *cookie = f->fw_number;
 return(f->fw_divert_port);
-#endif
 case IP_FW_F_TEE:
 /*
 * XXX someday tee packet here, but beware that you
@@ -753,6 +754,7 @@ got_match:
 * to write custom routine.
 */
 continue;
+#endif
 case IP_FW_F_SKIPTO: /* XXX check */
 if ( f->next_rule_ptr )
 chain = f->next_rule_ptr ;
@@ -1111,14 +1113,20 @@ check_ipfw_struct(struct ip_fw *frwl)
 return (EINVAL);
 }
 break;
+#if defined(IPDIVERT) || defined(DUMMYNET)
+#ifdef IPDIVERT
 case IP_FW_F_DIVERT: /* Diverting to port zero is invalid */
- case IP_FW_F_PIPE: /* piping through 0 is invalid */
 case IP_FW_F_TEE:
+#endif
+#ifdef DUMMYNET
+ case IP_FW_F_PIPE: /* piping through 0 is invalid */
+#endif
 if (frwl->fw_divert_port == 0) {
 dprintf(("%s can't divert to port 0\n", err_prefix));
 return (EINVAL);
 }
 break;
+#endif /* IPDIVERT || DUMMYNET */
 case IP_FW_F_DENY:
 case IP_FW_F_ACCEPT:
 case IP_FW_F_COUNT: |
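Review bot: The `#endif` added after `continue;` under got_match closes a conditional that opens above the -742 hunk and is not visible here, so the pairing cannot be checked by eye. Labelling it `#endif /* IPDIVERT */`, in the style of the `#endif /* IPDIVERT || DUMMYNET */` in check_ipfw_struct, would make it clear that `IP_FW_F_TEE` is now compiled out together with `IP_FW_F_DIVERT`; the `#endif` added in ipfw_report could carry the same label. With the option off, neither command has a case arm in this switch any more, so the verdict for such a rule would come from whatever the default arm (outside the hunk) does. That appears to be safe only because check_ipfw_struct refuses the rule at insertion, which deserves a one-line comment next to the `#endif`, for example `/* divert/tee rules are rejected in check_ipfw_struct() when IPDIVERT is off */`.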
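Review bot: In check_ipfw_struct the refusal of divert/tee/pipe rules on a kernel built without the option is implicit: once the case labels are compiled out, the command falls to the switch's default arm, which is outside this hunk and presumably returns EINVAL. A comment above `#if defined(IPDIVERT) || defined(DUMMYNET)`, such as `/* Without the option these commands reach default: and are refused, so an unsupported rule is never installed. */`, would protect that behaviour from a later edit to the default arm. The shared `dprintf` still reports "can't divert to port 0" for `IP_FW_F_PIPE`; a neutral message like `"%s port/pipe number 0 is invalid\n"` would keep the diagnostic accurate when only DUMMYNET is configured.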