diff options
| author | glebius <glebius@FreeBSD.org> | 2013-11-14 14:20:35 +0000 |
|---|---|---|
| committer | glebius <glebius@FreeBSD.org> | 2013-11-14 14:20:35 +0000 |
| commit | 544cc7da1e2d2b5eaee7344d5fdaebfba13d6ec5 (patch) | |
| tree | c92a322deda9e7133cea9d11f8a7ebf5ccf99a03 /sys/netpfil | |
| parent | 5cc483db907f8cc46cc62a28d0713d938794559f (diff) | |
| download | FreeBSD-src-544cc7da1e2d2b5eaee7344d5fdaebfba13d6ec5.zip FreeBSD-src-544cc7da1e2d2b5eaee7344d5fdaebfba13d6ec5.tar.gz | |
Some fixups to pf_get_sport after r257223:
- Do not return blindly if proto isn't ICMP.
- The dport is in network order, so fix comparisons.
- Remove ridiculous htonl(arc4random()).
- Push local variable to a narrower block.
Diffstat (limited to 'sys/netpfil')
| -rw-r--r-- | sys/netpfil/pf/pf_lb.c | 11 |
1 files changed, 4 insertions, 7 deletions
diff --git a/sys/netpfil/pf/pf_lb.c b/sys/netpfil/pf/pf_lb.c index e80d105..bc7cc09 100644 --- a/sys/netpfil/pf/pf_lb.c +++ b/sys/netpfil/pf/pf_lb.c @@ -227,7 +227,6 @@ pf_get_sport(sa_family_t af, u_int8_t proto, struct pf_rule *r, { struct pf_state_key_cmp key; struct pf_addr init_addr; - uint16_t cut; bzero(&init_addr, sizeof(init_addr)); if (pf_map_addr(af, r, saddr, naddr, &init_addr, sn)) @@ -235,21 +234,19 @@ pf_get_sport(sa_family_t af, u_int8_t proto, struct pf_rule *r, switch (proto) { case IPPROTO_ICMP: - if (dport != ICMP_ECHO) + if (dport != htons(ICMP_ECHO)) return (0); low = 1; high = 65535; break; #ifdef INET6 case IPPROTO_ICMPV6: - if (dport != ICMP_ECHO) + if (dport != htons(ICMP6_ECHO_REQUEST)) return (0); low = 1; high = 65535; break; #endif - default: - return (0); /* Don't try to modify non-echo ICMP */ } bzero(&key, sizeof(key)); @@ -283,7 +280,7 @@ pf_get_sport(sa_family_t af, u_int8_t proto, struct pf_rule *r, return (0); } } else { - uint16_t tmp; + uint16_t tmp, cut; if (low > high) { tmp = low; @@ -291,7 +288,7 @@ pf_get_sport(sa_family_t af, u_int8_t proto, struct pf_rule *r, high = tmp; } /* low < high */ - cut = htonl(arc4random()) % (1 + high - low) + low; + cut = arc4random() % (1 + high - low) + low; /* low <= cut <= high */ for (tmp = cut; tmp <= high; ++(tmp)) { key.port[1] = htons(tmp); |
