author | nsayer <nsayer@FreeBSD.org> | 1999-03-30 23:45:34 +0000 |
---|---|---|
committer | nsayer <nsayer@FreeBSD.org> | 1999-03-30 23:45:34 +0000 |
commit | 5588dd15e19f2b9215a8b45db6747947b0792672 (patch) | |
tree | 2696d38a65ec370b2ce5cb09c64740d56b54d1cd /sys/netinet | |
parent | e8d255dd8211778306edd31d1379052ab7750b67 (diff) | |
Merge from RELENG_2_2, per luigi. Fixes the ntoh?() issue for the
firewall code when called from the bridge code.
PR: 10818
Submitted by: nsayer
Obtained from: luigi
Diffstat (limited to 'sys/netinet')
-rw-r--r-- | sys/netinet/ip_fw.c | 40 |
1 files changed, 22 insertions, 18 deletions
diff --git a/sys/netinet/ip_fw.c b/sys/netinet/ip_fw.c
index e1dd360..464a78d 100644
--- a/sys/netinet/ip_fw.c
+++ b/sys/netinet/ip_fw.c
@@ -12,7 +12,7 @@
 *
 * This software is provided ``AS IS'' without any warranties of any kind.
 *
- * $Id: ip_fw.c,v 1.103 1998/12/31 07:43:29 luigi Exp $
+ * $Id: ip_fw.c,v 1.104 1999/02/16 10:49:52 dfr Exp $
 */
 /*
@@ -483,7 +483,7 @@ ip_fw_chk(struct ip **pip, int hlen,
 printf("-- m_len %d, need more...\n", (*m)->m_len);
 goto non_ip ;
 }
- offset = (ntohs(ip->ip_off) & IP_OFFMASK);
+ offset = (ip->ip_off & IP_OFFMASK);
 break ;
 default :
 non_ip: ip = NULL ;
@@ -553,13 +553,13 @@ again:
 * 2 src ports (interval) is match ether type
 * 3 src ports is match ether address
 */
- if ( f->fw_src.s_addr != 0 || f->fw_prot != IPPROTO_UDP)
+ if ( f->fw_src.s_addr != 0 || f->fw_prot != IPPROTO_UDP
+ || f->fw_smsk.s_addr != 0xffffffff )
 continue;
 switch (IP_FW_GETNSRCP(f)) {
 case 1: /* match one type */
 if ( /* ( (f->fw_flg & IP_FW_F_INVSRC) != 0) ^ */
 ( f->fw_uar.fw_pts[0] == ntohs(eh->ether_type) ) ) {
- printf("match!\n");
 goto got_match ;
 }
 break ;
@@ -616,19 +616,23 @@ again:
 if (ip->ip_p != f->fw_prot)
 continue;
-#define PULLUP_TO(len) \
- do { \
- if ((*m)->m_len < (len) ) { \
- if ( (*m = m_pullup(*m, (len))) == 0) \
- goto bogusfrag; \
- ip = mtod(*m, struct ip *); \
- if (pip) { \
- *pip = ip ; \
- offset = (ip->ip_off & IP_OFFMASK); \
- } else \
- offset = (ntohs(ip->ip_off) & IP_OFFMASK); \
- } \
- } while (0)
+/*
+ * here, pip==NULL for bridged pkts -- they include the ethernet
+ * header so i have to adjust lengths accordingly
+ */
+#define PULLUP_TO(l) do { \
+ int len = (pip ? l : l + 14 ) ; \
+ if ((*m)->m_len < (len) ) { \
+ if ( (*m = m_pullup(*m, (len))) == 0) \
+ goto bogusfrag; \
+ ip = mtod(*m, struct ip *); \
+ if (pip) \
+ *pip = ip ; \
+ else \
+ ip = (struct ip *)((int)ip + 14); \
+ offset = (ip->ip_off & IP_OFFMASK); \
+ } \
+ } while (0)
 /* Protocol specific checks */
 switch (ip->ip_p) {
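Review bot: In the `@@ -483` hunk the bridged-packet branch now reads `ip->ip_off` without `ntohs()`, so the fragment-offset value is only correct if the bridge caller has already converted the IP header fields to host byte order; that caller is outside this diff (limited to sys/netinet), so the contract is not visible here. The same assumption is made by `offset = (ip->ip_off & IP_OFFMASK);` inside the new `PULLUP_TO` (`@@ -616`) and by `f->fw_bcnt += ip->ip_len;` (`@@ -715`). If a caller ever hands in network-order fields, offset-based rule checks and the byte counters would silently work on wrong values, so I would state the requirement at the assignment, e.g. `/* ip_off and ip_len are in host byte order here, for bridged packets too (converted by the caller) */`. The enclosing `ip_fw_chk` starts and ends outside the hunk.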
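Review bot: The added `f->fw_smsk.s_addr != 0xffffffff` test in the `@@ -553` hunk extends the overloaded encoding that appears to mark a rule as a non-IP (ether type / ether address) rule, but the visible part of the comment above it still describes only the source-port conventions. I would add a line to that comment such as ` * only rules with src addr 0, src mask 0xffffffff and proto UDP are considered here`, so a reader can tell which ordinary rules are skipped by the `continue`. The comment begins above the hunk, so it may already say this.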
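Review bot: `ip = (struct ip *)((int)ip + 14);` in the new `PULLUP_TO` (`@@ -616`) round-trips a pointer through `int`, which truncates the address on any platform where pointers are wider than `int`; every header check after the macro would then read through a bad `struct ip *`. Doing the arithmetic on a byte pointer avoids that: `ip = (struct ip *)((char *)ip + 14);`. The macro argument is also used unparenthesised, and the block-local `len` would capture a caller expression that itself mentions `len`, so `int pullup_len = (pip ? (l) : (l) + 14);` with the two uses renamed is safer. The literal 14 is presumably the Ethernet header length; `ETHER_HDR_LEN` would say so if `<net/ethernet.h>` is in scope in this file.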
@@ -715,7 +719,7 @@ got_match:
 /* Update statistics */
 f->fw_pcnt += 1;
 if (ip) {
- f->fw_bcnt += pip ? ip->ip_len : ntohs(ip->ip_len);
+ f->fw_bcnt += ip->ip_len;
 }
 f->timestamp = time_second; |