diff options
| author | julian <julian@FreeBSD.org> | 1998-06-05 22:40:01 +0000 |
|---|---|---|
| committer | julian <julian@FreeBSD.org> | 1998-06-05 22:40:01 +0000 |
| commit | f7a6c6446198ae23d997bc4486e475fc29eac0a9 (patch) | |
| tree | 12135a908d89d9059a51c47f514b68038409b3e7 /sys/netinet/ip_fw.c | |
| parent | 3baa0462547cb98ece8c9d8ac604a70290e7d83f (diff) | |
| download | FreeBSD-src-f7a6c6446198ae23d997bc4486e475fc29eac0a9.zip FreeBSD-src-f7a6c6446198ae23d997bc4486e475fc29eac0a9.tar.gz | |
Reverse the default sense of the IPFW/DIVERT reinjection code
so that the new behaviour is now default.
Solves the "infinite loop in diversion" problem when more than one diversion
is active.
Man page changes follow.
The new code is in -stable as the NON default option.
Diffstat (limited to 'sys/netinet/ip_fw.c')
| -rw-r--r-- | sys/netinet/ip_fw.c | 26 |
1 files changed, 13 insertions, 13 deletions
diff --git a/sys/netinet/ip_fw.c b/sys/netinet/ip_fw.c index 112d9ca..df5e2f8 100644 --- a/sys/netinet/ip_fw.c +++ b/sys/netinet/ip_fw.c @@ -12,7 +12,7 @@ * * This software is provided ``AS IS'' without any warranties of any kind. * - * $Id: ip_fw.c,v 1.83 1998/05/19 14:04:29 dg Exp $ + * $Id: ip_fw.c,v 1.84 1998/05/25 10:37:44 julian Exp $ */ /* @@ -103,13 +103,13 @@ static ip_fw_chk_t *old_chk_ptr; static ip_fw_ctl_t *old_ctl_ptr; #endif -#ifndef IPFW_DIVERT_RESTART +#ifdef IPFW_DIVERT_OLDRESTART static int ip_fw_chk __P((struct ip **pip, int hlen, struct ifnet *oif, int ignport, struct mbuf **m)); #else static int ip_fw_chk __P((struct ip **pip, int hlen, struct ifnet *oif, int pastrule, struct mbuf **m)); -#endif /* IPFW_DIVERT_RESTART */ +#endif /* IPFW_DIVERT_OLDRESTART */ static int ip_fw_ctl __P((int stage, struct mbuf **mm)); static char err_prefix[] = "ip_fw_ctl:"; @@ -386,7 +386,7 @@ ipfw_report(struct ip_fw *f, struct ip *ip, * ip Pointer to packet header (struct ip *) * hlen Packet header length * oif Outgoing interface, or NULL if packet is incoming - * #ifndef IPFW_DIVERT_RESTART + * #ifdef IPFW_DIVERT_OLDRESTART * ignport Ignore all divert/tee rules to this port (if non-zero) * #else * pastrule Skip up to the first rule past this rule number; @@ -402,13 +402,13 @@ ipfw_report(struct ip_fw *f, struct ip *ip, */ static int -#ifndef IPFW_DIVERT_RESTART +#ifdef IPFW_DIVERT_OLDRESTART ip_fw_chk(struct ip **pip, int hlen, struct ifnet *oif, int ignport, struct mbuf **m) #else ip_fw_chk(struct ip **pip, int hlen, struct ifnet *oif, int pastrule, struct mbuf **m) -#endif /* IPFW_DIVERT_RESTART */ +#endif /* IPFW_DIVERT_OLDRESTART */ { struct ip_fw_chain *chain; struct ip_fw *rule = NULL; @@ -419,11 +419,11 @@ ip_fw_chk(struct ip **pip, int hlen, /* * Go down the chain, looking for enlightment - * #ifdef IPFW_DIVERT_RESTART + * #ifndef IPFW_DIVERT_OLDRESTART * If we've been asked to start at a given rule immediatly, do so. * #endif */ -#ifndef IPFW_DIVERT_RESTART +#ifdef IPFW_DIVERT_OLDRESTART for (chain=LIST_FIRST(&ip_fw_chain); chain; chain = LIST_NEXT(chain, chain)) { #else chain=LIST_FIRST(&ip_fw_chain); @@ -436,7 +436,7 @@ ip_fw_chk(struct ip **pip, int hlen, if (! chain) goto dropit; } for (; chain; chain = LIST_NEXT(chain, chain)) { -#endif /* IPFW_DIVERT_RESTART */ +#endif /* IPFW_DIVERT_OLDRESTART */ register struct ip_fw *const f = chain->rule; if (oif) { @@ -586,7 +586,7 @@ bogusfrag: } got_match: -#ifndef IPFW_DIVERT_RESTART +#ifdef IPFW_DIVERT_OLDRESTART /* Ignore divert/tee rule if socket port is "ignport" */ switch (f->fw_flg & IP_FW_F_COMMAND) { case IP_FW_F_DIVERT: @@ -596,7 +596,7 @@ got_match: break; } -#endif /* IPFW_DIVERT_RESTART */ +#endif /* IPFW_DIVERT_OLDRESTART */ /* Update statistics */ f->fw_pcnt += 1; f->fw_bcnt += ip->ip_len; @@ -613,9 +613,9 @@ got_match: case IP_FW_F_COUNT: continue; case IP_FW_F_DIVERT: -#ifdef IPFW_DIVERT_RESTART +#ifndef IPFW_DIVERT_OLDRESTART ip_divert_in_cookie = f->fw_number; -#endif /* IPFW_DIVERT_RESTART */ +#endif /* IPFW_DIVERT_OLDRESTART */ return(f->fw_divert_port); case IP_FW_F_TEE: /* |
