diff options
author | dg <dg@FreeBSD.org> | 1995-07-09 14:29:46 +0000 |
---|---|---|
committer | dg <dg@FreeBSD.org> | 1995-07-09 14:29:46 +0000 |
commit | de86e245161ba3d1d28dd8cbabd4daaf5813b06c (patch) | |
tree | ebc6ee77d76238d51062644bc81b80bc531bcc11 /sys | |
parent | 873428202f4d1c10ed4e2d3587a6fcfc3dc33ba1 (diff) | |
download | FreeBSD-src-de86e245161ba3d1d28dd8cbabd4daaf5813b06c.zip FreeBSD-src-de86e245161ba3d1d28dd8cbabd4daaf5813b06c.tar.gz |
Fixed panic that occurs on certain firewall rejected packets that was
caused by dtom() being used on an mbuf cluster. The fix involves passing
around the mbuf pointer.
Submitted by: Bill Fenner
Diffstat (limited to 'sys')
-rw-r--r-- | sys/netinet/ip_fw.c | 5 | ||||
-rw-r--r-- | sys/netinet/ip_fw.h | 4 | ||||
-rw-r--r-- | sys/netinet/ip_fwdef.c | 4 | ||||
-rw-r--r-- | sys/netinet/ip_input.c | 4 |
4 files changed, 8 insertions, 9 deletions
diff --git a/sys/netinet/ip_fw.c b/sys/netinet/ip_fw.c index c9d86f8..0798b7b 100644 --- a/sys/netinet/ip_fw.c +++ b/sys/netinet/ip_fw.c @@ -104,7 +104,8 @@ port_match(portptr, nports, port, range_flag) #ifdef IPFIREWALL int -ip_fw_chk(ip, rif, chain) +ip_fw_chk(m, ip, rif, chain) + struct mbuf *m; struct ip *ip; struct ifnet *rif; struct ip_fw *chain; @@ -115,7 +116,6 @@ ip_fw_chk(ip, rif, chain) struct icmp *icmp = (struct icmp *) ((u_long *) ip + ip->ip_hl); struct ifaddr *ia = NULL, *ia_p; struct in_addr src, dst, ia_i; - struct mbuf *m; u_short src_port = 0, dst_port = 0; u_short f_prt = 0, prt; char notcpsyn = 1; @@ -302,7 +302,6 @@ got_match: return TRUE; bad_packet: - m = dtom(ip); if (f != NULL) { /* * Do not ICMP reply to icmp packets....:) or to packets diff --git a/sys/netinet/ip_fw.h b/sys/netinet/ip_fw.h index 47e5131..ca77905 100644 --- a/sys/netinet/ip_fw.h +++ b/sys/netinet/ip_fw.h @@ -126,7 +126,7 @@ extern struct ip_fw *ip_acct_chain; /* * Function pointers. */ -extern int (*ip_fw_chk_ptr)(struct ip *,struct ifnet *,struct ip_fw *); +extern int (*ip_fw_chk_ptr)(struct mbuf *, struct ip *,struct ifnet *,struct ip_fw *); extern int (*ip_fw_ctl_ptr)(int,struct mbuf *); extern void (*ip_acct_cnt_ptr)(struct ip *,struct ifnet *,struct ip_fw *,int); @@ -135,7 +135,7 @@ extern int (*ip_acct_ctl_ptr)(int,struct mbuf *); /* * Function definitions. */ -int ip_fw_chk(struct ip *,struct ifnet *,struct ip_fw *); +int ip_fw_chk(struct mbuf *, struct ip *,struct ifnet *,struct ip_fw *); int ip_fw_ctl(int,struct mbuf *); void ip_acct_cnt(struct ip *,struct ifnet *,struct ip_fw *,int); diff --git a/sys/netinet/ip_fwdef.c b/sys/netinet/ip_fwdef.c index 249a7b3..d44ad57 100644 --- a/sys/netinet/ip_fwdef.c +++ b/sys/netinet/ip_fwdef.c @@ -38,10 +38,10 @@ struct ip_fw *ip_fw_chain; struct ip_fw *ip_acct_chain; #ifdef IPFIREWALL -int (*ip_fw_chk_ptr)(struct ip *, struct ifnet *, struct ip_fw *) = &ip_fw_chk; +int (*ip_fw_chk_ptr)(struct mbuf *, struct ip *, struct ifnet *, struct ip_fw *) = &ip_fw_chk; int (*ip_fw_ctl_ptr)(int, struct mbuf *) = &ip_fw_ctl; #else -int (*ip_fw_chk_ptr)(struct ip *, struct ifnet *, struct ip_fw *); +int (*ip_fw_chk_ptr)(struct mbuf *, struct ip *, struct ifnet *, struct ip_fw *); int (*ip_fw_ctl_ptr)(int, struct mbuf *); #endif diff --git a/sys/netinet/ip_input.c b/sys/netinet/ip_input.c index c1a3b5a..d91a0f9 100644 --- a/sys/netinet/ip_input.c +++ b/sys/netinet/ip_input.c @@ -31,7 +31,7 @@ * SUCH DAMAGE. * * @(#)ip_input.c 8.2 (Berkeley) 1/4/94 - * $Id: ip_input.c,v 1.23 1995/06/13 17:51:10 wollman Exp $ + * $Id: ip_input.c,v 1.24 1995/06/27 17:26:27 guido Exp $ */ #include <sys/param.h> @@ -242,7 +242,7 @@ next: */ if (ip_fw_chk_ptr!=NULL) - if (!(*ip_fw_chk_ptr)(ip,m->m_pkthdr.rcvif,ip_fw_chain) ) { + if (!(*ip_fw_chk_ptr)(m,ip,m->m_pkthdr.rcvif,ip_fw_chain) ) { goto next; } |