summaryrefslogtreecommitdiffstats
path: root/sys/contrib/pf
diff options
context:
space:
mode:
authormlaier <mlaier@FreeBSD.org>2004-04-11 17:35:40 +0000
committermlaier <mlaier@FreeBSD.org>2004-04-11 17:35:40 +0000
commitd2fa2c987e4b828babd4a3cbb7f0c19158189960 (patch)
tree49ea0fd3dbf46f47f611363537c3f76b114bdd21 /sys/contrib/pf
parent6dbee1d482a8a6cbbde2a40207aefd9e8b6b3113 (diff)
downloadFreeBSD-src-d2fa2c987e4b828babd4a3cbb7f0c19158189960.zip
FreeBSD-src-d2fa2c987e4b828babd4a3cbb7f0c19158189960.tar.gz
Commit import of OpenBSD-stable fix:
Fix by dhartmei@ and mcbride@ 1.433 Properly m_copyback() modified TCP sequence number after demodulation 1.432 Fix icmp checksum when sequence number modlation is being used. Also fix a daddr vs saddr cut-n-paste error in ICMP error handling. Fixes PR 3724 Obtained from: OpenBSD Reviewed by: dhartmei Approved by: rwatson
Diffstat (limited to 'sys/contrib/pf')
-rw-r--r--sys/contrib/pf/net/pf.c17
1 files changed, 11 insertions, 6 deletions
diff --git a/sys/contrib/pf/net/pf.c b/sys/contrib/pf/net/pf.c
index c3d8b99..d492096 100644
--- a/sys/contrib/pf/net/pf.c
+++ b/sys/contrib/pf/net/pf.c
@@ -1,5 +1,5 @@
/* $FreeBSD$ */
-/* $OpenBSD: pf.c,v 1.389.2.2 2004/03/14 00:13:42 brad Exp $ */
+/* $OpenBSD: pf.c,v 1.389.2.3 2004/04/10 09:38:19 brad Exp $ */
/*
* Copyright (c) 2001 Daniel Hartmeier
@@ -4312,6 +4312,7 @@ pf_test_state_icmp(struct pf_state **state, int direction, struct ifnet *ifp,
struct pf_tree_node key;
struct pf_state_peer *src, *dst;
u_int8_t dws;
+ int copyback = 0;
/*
* Only the first 8 bytes of the TCP header can be
@@ -4349,9 +4350,11 @@ pf_test_state_icmp(struct pf_state **state, int direction, struct ifnet *ifp,
/* Demodulate sequence number */
seq = ntohl(th.th_seq) - src->seqdiff;
- if (src->seqdiff)
- pf_change_a(&th.th_seq, &th.th_sum,
+ if (src->seqdiff) {
+ pf_change_a(&th.th_seq, icmpsum,
htonl(seq), 0);
+ copyback = 1;
+ }
if (!SEQ_GEQ(src->seqhi, seq) ||
!SEQ_GEQ(seq, src->seqlo - (dst->max_win << dws))) {
@@ -4371,7 +4374,7 @@ pf_test_state_icmp(struct pf_state **state, int direction, struct ifnet *ifp,
if (STATE_TRANSLATE(*state)) {
if (direction == PF_IN) {
pf_change_icmp(pd2.src, &th.th_sport,
- saddr, &(*state)->lan.addr,
+ daddr, &(*state)->lan.addr,
(*state)->lan.port, NULL,
pd2.ip_sum, icmpsum,
pd->ip_sum, 0, pd2.af);
@@ -4382,6 +4385,10 @@ pf_test_state_icmp(struct pf_state **state, int direction, struct ifnet *ifp,
pd2.ip_sum, icmpsum,
pd->ip_sum, 0, pd2.af);
}
+ copyback = 1;
+ }
+
+ if (copyback) {
switch (pd2.af) {
#ifdef INET
case AF_INET:
@@ -4402,8 +4409,6 @@ pf_test_state_icmp(struct pf_state **state, int direction, struct ifnet *ifp,
#endif /* INET6 */
}
m_copyback(m, off2, 8, (caddr_t)&th);
- } else if (src->seqdiff) {
- m_copyback(m, off2, 8, (caddr_t)&th);
}
return (PF_PASS);
OpenPOWER on IntegriCloud