diff options
author | glebius <glebius@FreeBSD.org> | 2012-02-06 11:35:29 +0000 |
---|---|---|
committer | glebius <glebius@FreeBSD.org> | 2012-02-06 11:35:29 +0000 |
commit | d050a38ab423c57cd15f6818d1d27faf9a35b352 (patch) | |
tree | 2eb43c8c15636e42b731b89be197bba24de15363 /sys/netinet | |
parent | 52c17430bc70cd8c1e6dc2ff5c7786cc3f4871e4 (diff) | |
download | FreeBSD-src-d050a38ab423c57cd15f6818d1d27faf9a35b352.zip FreeBSD-src-d050a38ab423c57cd15f6818d1d27faf9a35b352.tar.gz |
Make the 'tcpwin' option of ipfw(8) accept ranges and lists.
Submitted by: sem
Diffstat (limited to 'sys/netinet')
-rw-r--r-- | sys/netinet/ipfw/ip_fw2.c | 18 | ||||
-rw-r--r-- | sys/netinet/ipfw/ip_fw_sockopt.c | 2 |
2 files changed, 17 insertions, 3 deletions
diff --git a/sys/netinet/ipfw/ip_fw2.c b/sys/netinet/ipfw/ip_fw2.c index 12a7fb9..82ffb98 100644 --- a/sys/netinet/ipfw/ip_fw2.c +++ b/sys/netinet/ipfw/ip_fw2.c @@ -1650,8 +1650,22 @@ do { \ break; case O_TCPWIN: - match = (proto == IPPROTO_TCP && offset == 0 && - cmd->arg1 == TCP(ulp)->th_win); + if (proto == IPPROTO_TCP && offset == 0) { + uint16_t x; + uint16_t *p; + int i; + + x = ntohs(TCP(ulp)->th_win); + if (cmdlen == 1) { + match = (cmd->arg1 == x); + break; + } + /* Otherwise we have ranges. */ + p = ((ipfw_insn_u16 *)cmd)->ports; + i = cmdlen - 1; + for (; !match && i > 0; i--, p += 2) + match = (x >= p[0] && x <= p[1]); + } break; case O_ESTAB: diff --git a/sys/netinet/ipfw/ip_fw_sockopt.c b/sys/netinet/ipfw/ip_fw_sockopt.c index dce3fdc..1302452 100644 --- a/sys/netinet/ipfw/ip_fw_sockopt.c +++ b/sys/netinet/ipfw/ip_fw_sockopt.c @@ -569,7 +569,6 @@ check_ipfw_struct(struct ip_fw *rule, int size) case O_IPPRECEDENCE: case O_IPVER: case O_SOCKARG: - case O_TCPWIN: case O_TCPFLAGS: case O_TCPOPTS: case O_ESTAB: @@ -679,6 +678,7 @@ check_ipfw_struct(struct ip_fw *rule, int size) case O_IPTTL: case O_IPLEN: case O_TCPDATALEN: + case O_TCPWIN: case O_TAGGED: if (cmdlen < 1 || cmdlen > 31) goto bad_size; |