diff options
-rw-r--r-- | sys/contrib/ipfilter/netinet/fil.c | 45 | ||||
-rw-r--r-- | sys/contrib/ipfilter/netinet/ip_ftp_pxy.c | 2 | ||||
-rw-r--r-- | sys/contrib/ipfilter/netinet/ip_nat.c | 37 | ||||
-rw-r--r-- | sys/contrib/ipfilter/netinet/ip_nat.h | 1 | ||||
-rw-r--r-- | sys/contrib/ipfilter/netinet/ip_raudio_pxy.c | 1 | ||||
-rw-r--r-- | sys/contrib/ipfilter/netinet/ip_rcmd_pxy.c | 3 | ||||
-rw-r--r-- | sys/contrib/ipfilter/netinet/ip_state.c | 1 | ||||
-rw-r--r-- | sys/contrib/ipfilter/netinet/ipl.h | 2 | ||||
-rw-r--r-- | sys/netinet/fil.c | 45 | ||||
-rw-r--r-- | sys/netinet/ip_ftp_pxy.c | 2 | ||||
-rw-r--r-- | sys/netinet/ip_nat.c | 37 | ||||
-rw-r--r-- | sys/netinet/ip_nat.h | 1 | ||||
-rw-r--r-- | sys/netinet/ip_raudio_pxy.c | 1 | ||||
-rw-r--r-- | sys/netinet/ip_rcmd_pxy.c | 3 | ||||
-rw-r--r-- | sys/netinet/ip_state.c | 1 | ||||
-rw-r--r-- | sys/netinet/ipl.h | 2 |
16 files changed, 102 insertions, 82 deletions
diff --git a/sys/contrib/ipfilter/netinet/fil.c b/sys/contrib/ipfilter/netinet/fil.c index 12993ca..dcfd65d 100644 --- a/sys/contrib/ipfilter/netinet/fil.c +++ b/sys/contrib/ipfilter/netinet/fil.c @@ -277,32 +277,35 @@ fr_info_t *fin; int minicmpsz = sizeof(struct icmp); icmphdr_t *icmp; - if (fin->fin_dlen > 1) + if (!off && (fin->fin_dlen > 1)) { fin->fin_data[0] = *(u_short *)tcp; - if ((!(plen >= hlen + minicmpsz) && !off) || - (off && off < sizeof(struct icmp))) { - fi->fi_fl |= FI_SHORT; - if (fin->fin_dlen < 2) - break; - } + icmp = (icmphdr_t *)tcp; - icmp = (icmphdr_t *)tcp; + if (icmp->icmp_type == ICMP_ECHOREPLY || + icmp->icmp_type == ICMP_ECHO) + minicmpsz = ICMP_MINLEN; - if (!off && (icmp->icmp_type == ICMP_ECHOREPLY || - icmp->icmp_type == ICMP_ECHO)) - minicmpsz = ICMP_MINLEN; + /* + * type(1) + code(1) + cksum(2) + id(2) seq(2) + + * 3*timestamp(3*4) + */ + else if (icmp->icmp_type == ICMP_TSTAMP || + icmp->icmp_type == ICMP_TSTAMPREPLY) + minicmpsz = 20; - /* type(1) + code(1) + cksum(2) + id(2) seq(2) + - * 3*timestamp(3*4) */ - else if (!off && (icmp->icmp_type == ICMP_TSTAMP || - icmp->icmp_type == ICMP_TSTAMPREPLY)) - minicmpsz = 20; + /* + * type(1) + code(1) + cksum(2) + id(2) seq(2) + + * mask(4) + */ + else if (icmp->icmp_type == ICMP_MASKREQ || + icmp->icmp_type == ICMP_MASKREPLY) + minicmpsz = 12; + } - /* type(1) + code(1) + cksum(2) + id(2) seq(2) + mask(4) */ - else if (!off && (icmp->icmp_type == ICMP_MASKREQ || - icmp->icmp_type == ICMP_MASKREPLY)) - minicmpsz = 12; + if ((!(plen >= hlen + minicmpsz) && !off) || + (off && off < sizeof(struct icmp))) + fi->fi_fl |= FI_SHORT; break; } @@ -1405,7 +1408,7 @@ nodata: * SUCH DAMAGE. * * @(#)uipc_mbuf.c 8.2 (Berkeley) 1/4/94 - * $Id: fil.c,v 2.35.2.26 2000/10/24 11:58:17 darrenr Exp $ + * $Id: fil.c,v 2.35.2.27 2000/10/26 21:20:54 darrenr Exp $ */ /* * Copy data from an mbuf chain starting "off" bytes from the beginning, diff --git a/sys/contrib/ipfilter/netinet/ip_ftp_pxy.c b/sys/contrib/ipfilter/netinet/ip_ftp_pxy.c index c68361a..42966fe 100644 --- a/sys/contrib/ipfilter/netinet/ip_ftp_pxy.c +++ b/sys/contrib/ipfilter/netinet/ip_ftp_pxy.c @@ -251,6 +251,7 @@ int dlen; tcp2->th_dport = 0; /* XXX - don't specify remote port */ fi.fin_data[0] = ntohs(sp); fi.fin_data[1] = 0; + fi.fin_dlen = sizeof(*tcp2); fi.fin_dp = (char *)tcp2; swip = ip->ip_src; ip->ip_src = nat->nat_inip; @@ -466,6 +467,7 @@ int dlen; tcp2->th_sport = 0; /* XXX - fake it for nat_new */ tcp2->th_off = 5; fi.fin_data[0] = a5 << 8 | a6; + fi.fin_dlen = sizeof(*tcp2); tcp2->th_dport = htons(fi.fin_data[0]); fi.fin_data[1] = 0; fi.fin_dp = (char *)tcp2; diff --git a/sys/contrib/ipfilter/netinet/ip_nat.c b/sys/contrib/ipfilter/netinet/ip_nat.c index ca3a27f..aa25ff3 100644 --- a/sys/contrib/ipfilter/netinet/ip_nat.c +++ b/sys/contrib/ipfilter/netinet/ip_nat.c @@ -119,7 +119,6 @@ u_int ipf_nattable_sz = NAT_TABLE_SZ; u_int ipf_natrules_sz = NAT_SIZE; u_int ipf_rdrrules_sz = RDR_SIZE; u_int ipf_hostmap_sz = HOSTMAP_SIZE; -int nat_wilds = 0; u_32_t nat_masks = 0; u_32_t rdr_masks = 0; ipnat_t **nat_rules = NULL; @@ -145,7 +144,7 @@ static void nat_delnat __P((struct ipnat *)); static int fr_natgetent __P((caddr_t)); static int fr_natgetsz __P((caddr_t)); static int fr_natputent __P((caddr_t)); -static void nat_tabmove __P((nat_t *, u_int)); +static void nat_tabmove __P((nat_t *)); static int nat_match __P((fr_info_t *, ipnat_t *, ip_t *)); static hostmap_t *nat_hostmap __P((ipnat_t *, struct in_addr, struct in_addr)); @@ -1005,7 +1004,7 @@ struct nat *natd; struct ipnat *ipn; if (natd->nat_flags & FI_WILDP) - nat_wilds--; + nat_stats.ns_wilds--; if (natd->nat_hnext[0]) natd->nat_hnext[0]->nat_phnext[0] = natd->nat_phnext[0]; *natd->nat_phnext[0] = natd->nat_hnext[0]; @@ -1149,7 +1148,7 @@ int direction; bzero((char *)nat, sizeof(*nat)); nat->nat_flags = flags; if (flags & FI_WILDP) - nat_wilds++; + nat_stats.ns_wilds++; /* * Search the current table for a match. */ @@ -1917,7 +1916,7 @@ u_32_t ports; ((nat->nat_outport == dport) || (nflags & FI_W_SPORT))))) return nat; } - if (!nat_wilds || !(flags & IPN_TCPUDP)) + if (!nat_stats.ns_wilds || !(flags & IPN_TCPUDP)) return NULL; RWLOCK_EXIT(&ipf_nat); hv = NAT_HASH_FN(dst, 0, ipf_nattable_sz); @@ -1936,8 +1935,7 @@ u_32_t ports; continue; if (((nat->nat_oport == sport) || (nflags & FI_W_DPORT)) && ((nat->nat_outport == dport) || (nflags & FI_W_SPORT))) { - hv = NAT_HASH_FN(dst, dport, ipf_nattable_sz); - nat_tabmove(nat, hv); + nat_tabmove(nat); break; } } @@ -1946,11 +1944,11 @@ u_32_t ports; } -static void nat_tabmove(nat, hv) +static void nat_tabmove(nat) nat_t *nat; -u_int hv; { nat_t **natp; + u_int hv; /* * Remove the NAT entry from the old location @@ -1960,9 +1958,14 @@ u_int hv; *nat->nat_phnext[0] = nat->nat_hnext[0]; if (nat->nat_hnext[1]) - nat->nat_hnext[0]->nat_phnext[1] = nat->nat_phnext[1]; + nat->nat_hnext[1]->nat_phnext[1] = nat->nat_phnext[1]; *nat->nat_phnext[1] = nat->nat_hnext[1]; + /* + * Add into the NAT table in the new position + */ + hv = NAT_HASH_FN(nat->nat_inip.s_addr, nat->nat_inport, + ipf_nattable_sz); natp = &nat_table[0][hv]; if (*natp) (*natp)->nat_phnext[0] = &nat->nat_hnext[0]; @@ -1970,9 +1973,8 @@ u_int hv; nat->nat_hnext[0] = *natp; *natp = nat; - /* - * Add into the NAT table in the new position - */ + hv = NAT_HASH_FN(nat->nat_outip.s_addr, nat->nat_outport, + ipf_nattable_sz); natp = &nat_table[1][hv]; if (*natp) (*natp)->nat_phnext[1] = &nat->nat_hnext[1]; @@ -2019,7 +2021,7 @@ u_32_t ports; (nat->nat_oport == dport || nflags & FI_W_DPORT)))) return nat; } - if (!nat_wilds || !(flags & IPN_TCPUDP)) + if (!nat_stats.ns_wilds || !(flags & IPN_TCPUDP)) return NULL; RWLOCK_EXIT(&ipf_nat); hv = NAT_HASH_FN(srcip, 0, ipf_nattable_sz); @@ -2038,8 +2040,7 @@ u_32_t ports; continue; if (((nat->nat_inport == sport) || (nflags & FI_W_DPORT)) && ((nat->nat_oport == dport) || (nflags & FI_W_SPORT))) { - hv = NAT_HASH_FN(srcip, sport, ipf_nattable_sz); - nat_tabmove(nat, hv); + nat_tabmove(nat); break; } } @@ -2180,7 +2181,7 @@ fr_info_t *fin; nat->nat_outport = sport; nat->nat_flags &= ~(FI_W_DPORT|FI_W_SPORT); nflags = nat->nat_flags; - nat_wilds--; + nat_stats.ns_wilds--; } } else { RWLOCK_EXIT(&ipf_nat); @@ -2393,7 +2394,7 @@ fr_info_t *fin; nat->nat_outport = dport; nat->nat_flags &= ~(FI_W_SPORT|FI_W_DPORT); nflags = nat->nat_flags; - nat_wilds--; + nat_stats.ns_wilds--; } } else { RWLOCK_EXIT(&ipf_nat); diff --git a/sys/contrib/ipfilter/netinet/ip_nat.h b/sys/contrib/ipfilter/netinet/ip_nat.h index 4b24d81..da192b3 100644 --- a/sys/contrib/ipfilter/netinet/ip_nat.h +++ b/sys/contrib/ipfilter/netinet/ip_nat.h @@ -208,6 +208,7 @@ typedef struct natstat { u_int ns_rultab_sz; u_int ns_rdrtab_sz; nat_t *ns_instances; + u_int ns_wilds; } natstat_t; #define IPN_ANY 0x000 diff --git a/sys/contrib/ipfilter/netinet/ip_raudio_pxy.c b/sys/contrib/ipfilter/netinet/ip_raudio_pxy.c index ee527a3..8b2c231 100644 --- a/sys/contrib/ipfilter/netinet/ip_raudio_pxy.c +++ b/sys/contrib/ipfilter/netinet/ip_raudio_pxy.c @@ -265,6 +265,7 @@ nat_t *nat; tcp2->th_off = 5; fi.fin_dp = (char *)tcp2; fi.fin_fr = &raudiofr; + fi.fin_dlen = sizeof(*tcp2); tcp2->th_win = htons(8192); slen = ip->ip_len; ip->ip_len = fin->fin_hlen + sizeof(*tcp); diff --git a/sys/contrib/ipfilter/netinet/ip_rcmd_pxy.c b/sys/contrib/ipfilter/netinet/ip_rcmd_pxy.c index 112171f..5baabbf 100644 --- a/sys/contrib/ipfilter/netinet/ip_rcmd_pxy.c +++ b/sys/contrib/ipfilter/netinet/ip_rcmd_pxy.c @@ -1,5 +1,5 @@ /* - * $Id: ip_rcmd_pxy.c,v 1.4.2.2 2000/07/15 12:38:30 darrenr Exp $ + * $Id: ip_rcmd_pxy.c,v 1.4.2.3 2000/10/27 22:54:04 darrenr Exp $ */ /* * Simple RCMD transparent proxy for in-kernel use. For use with the NAT @@ -147,6 +147,7 @@ nat_t *nat; fi.fin_data[0] = ntohs(sp); fi.fin_data[1] = 0; fi.fin_dp = (char *)tcp2; + fi.fin_dlen = sizeof(*tcp2); swip = ip->ip_src; ip->ip_src = nat->nat_inip; ipn = nat_new(nat->nat_ptr, ip, &fi, IPN_TCP|FI_W_DPORT, diff --git a/sys/contrib/ipfilter/netinet/ip_state.c b/sys/contrib/ipfilter/netinet/ip_state.c index ec0fb7c..1e4c851 100644 --- a/sys/contrib/ipfilter/netinet/ip_state.c +++ b/sys/contrib/ipfilter/netinet/ip_state.c @@ -1188,6 +1188,7 @@ u_int hv; * ...and put the hash in the new one. */ hvm = hv % fr_statesize; + is->is_hv = hvm; isp = &ips_table[hvm]; if (*isp) (*isp)->is_phnext = &is->is_hnext; diff --git a/sys/contrib/ipfilter/netinet/ipl.h b/sys/contrib/ipfilter/netinet/ipl.h index 67cbf31..94bae8d 100644 --- a/sys/contrib/ipfilter/netinet/ipl.h +++ b/sys/contrib/ipfilter/netinet/ipl.h @@ -12,6 +12,6 @@ #ifndef __IPL_H__ #define __IPL_H__ -#define IPL_VERSION "IP Filter: v3.4.12" +#define IPL_VERSION "IP Filter: v3.4.13" #endif diff --git a/sys/netinet/fil.c b/sys/netinet/fil.c index 12993ca..dcfd65d 100644 --- a/sys/netinet/fil.c +++ b/sys/netinet/fil.c @@ -277,32 +277,35 @@ fr_info_t *fin; int minicmpsz = sizeof(struct icmp); icmphdr_t *icmp; - if (fin->fin_dlen > 1) + if (!off && (fin->fin_dlen > 1)) { fin->fin_data[0] = *(u_short *)tcp; - if ((!(plen >= hlen + minicmpsz) && !off) || - (off && off < sizeof(struct icmp))) { - fi->fi_fl |= FI_SHORT; - if (fin->fin_dlen < 2) - break; - } + icmp = (icmphdr_t *)tcp; - icmp = (icmphdr_t *)tcp; + if (icmp->icmp_type == ICMP_ECHOREPLY || + icmp->icmp_type == ICMP_ECHO) + minicmpsz = ICMP_MINLEN; - if (!off && (icmp->icmp_type == ICMP_ECHOREPLY || - icmp->icmp_type == ICMP_ECHO)) - minicmpsz = ICMP_MINLEN; + /* + * type(1) + code(1) + cksum(2) + id(2) seq(2) + + * 3*timestamp(3*4) + */ + else if (icmp->icmp_type == ICMP_TSTAMP || + icmp->icmp_type == ICMP_TSTAMPREPLY) + minicmpsz = 20; - /* type(1) + code(1) + cksum(2) + id(2) seq(2) + - * 3*timestamp(3*4) */ - else if (!off && (icmp->icmp_type == ICMP_TSTAMP || - icmp->icmp_type == ICMP_TSTAMPREPLY)) - minicmpsz = 20; + /* + * type(1) + code(1) + cksum(2) + id(2) seq(2) + + * mask(4) + */ + else if (icmp->icmp_type == ICMP_MASKREQ || + icmp->icmp_type == ICMP_MASKREPLY) + minicmpsz = 12; + } - /* type(1) + code(1) + cksum(2) + id(2) seq(2) + mask(4) */ - else if (!off && (icmp->icmp_type == ICMP_MASKREQ || - icmp->icmp_type == ICMP_MASKREPLY)) - minicmpsz = 12; + if ((!(plen >= hlen + minicmpsz) && !off) || + (off && off < sizeof(struct icmp))) + fi->fi_fl |= FI_SHORT; break; } @@ -1405,7 +1408,7 @@ nodata: * SUCH DAMAGE. * * @(#)uipc_mbuf.c 8.2 (Berkeley) 1/4/94 - * $Id: fil.c,v 2.35.2.26 2000/10/24 11:58:17 darrenr Exp $ + * $Id: fil.c,v 2.35.2.27 2000/10/26 21:20:54 darrenr Exp $ */ /* * Copy data from an mbuf chain starting "off" bytes from the beginning, diff --git a/sys/netinet/ip_ftp_pxy.c b/sys/netinet/ip_ftp_pxy.c index c68361a..42966fe 100644 --- a/sys/netinet/ip_ftp_pxy.c +++ b/sys/netinet/ip_ftp_pxy.c @@ -251,6 +251,7 @@ int dlen; tcp2->th_dport = 0; /* XXX - don't specify remote port */ fi.fin_data[0] = ntohs(sp); fi.fin_data[1] = 0; + fi.fin_dlen = sizeof(*tcp2); fi.fin_dp = (char *)tcp2; swip = ip->ip_src; ip->ip_src = nat->nat_inip; @@ -466,6 +467,7 @@ int dlen; tcp2->th_sport = 0; /* XXX - fake it for nat_new */ tcp2->th_off = 5; fi.fin_data[0] = a5 << 8 | a6; + fi.fin_dlen = sizeof(*tcp2); tcp2->th_dport = htons(fi.fin_data[0]); fi.fin_data[1] = 0; fi.fin_dp = (char *)tcp2; diff --git a/sys/netinet/ip_nat.c b/sys/netinet/ip_nat.c index ca3a27f..aa25ff3 100644 --- a/sys/netinet/ip_nat.c +++ b/sys/netinet/ip_nat.c @@ -119,7 +119,6 @@ u_int ipf_nattable_sz = NAT_TABLE_SZ; u_int ipf_natrules_sz = NAT_SIZE; u_int ipf_rdrrules_sz = RDR_SIZE; u_int ipf_hostmap_sz = HOSTMAP_SIZE; -int nat_wilds = 0; u_32_t nat_masks = 0; u_32_t rdr_masks = 0; ipnat_t **nat_rules = NULL; @@ -145,7 +144,7 @@ static void nat_delnat __P((struct ipnat *)); static int fr_natgetent __P((caddr_t)); static int fr_natgetsz __P((caddr_t)); static int fr_natputent __P((caddr_t)); -static void nat_tabmove __P((nat_t *, u_int)); +static void nat_tabmove __P((nat_t *)); static int nat_match __P((fr_info_t *, ipnat_t *, ip_t *)); static hostmap_t *nat_hostmap __P((ipnat_t *, struct in_addr, struct in_addr)); @@ -1005,7 +1004,7 @@ struct nat *natd; struct ipnat *ipn; if (natd->nat_flags & FI_WILDP) - nat_wilds--; + nat_stats.ns_wilds--; if (natd->nat_hnext[0]) natd->nat_hnext[0]->nat_phnext[0] = natd->nat_phnext[0]; *natd->nat_phnext[0] = natd->nat_hnext[0]; @@ -1149,7 +1148,7 @@ int direction; bzero((char *)nat, sizeof(*nat)); nat->nat_flags = flags; if (flags & FI_WILDP) - nat_wilds++; + nat_stats.ns_wilds++; /* * Search the current table for a match. */ @@ -1917,7 +1916,7 @@ u_32_t ports; ((nat->nat_outport == dport) || (nflags & FI_W_SPORT))))) return nat; } - if (!nat_wilds || !(flags & IPN_TCPUDP)) + if (!nat_stats.ns_wilds || !(flags & IPN_TCPUDP)) return NULL; RWLOCK_EXIT(&ipf_nat); hv = NAT_HASH_FN(dst, 0, ipf_nattable_sz); @@ -1936,8 +1935,7 @@ u_32_t ports; continue; if (((nat->nat_oport == sport) || (nflags & FI_W_DPORT)) && ((nat->nat_outport == dport) || (nflags & FI_W_SPORT))) { - hv = NAT_HASH_FN(dst, dport, ipf_nattable_sz); - nat_tabmove(nat, hv); + nat_tabmove(nat); break; } } @@ -1946,11 +1944,11 @@ u_32_t ports; } -static void nat_tabmove(nat, hv) +static void nat_tabmove(nat) nat_t *nat; -u_int hv; { nat_t **natp; + u_int hv; /* * Remove the NAT entry from the old location @@ -1960,9 +1958,14 @@ u_int hv; *nat->nat_phnext[0] = nat->nat_hnext[0]; if (nat->nat_hnext[1]) - nat->nat_hnext[0]->nat_phnext[1] = nat->nat_phnext[1]; + nat->nat_hnext[1]->nat_phnext[1] = nat->nat_phnext[1]; *nat->nat_phnext[1] = nat->nat_hnext[1]; + /* + * Add into the NAT table in the new position + */ + hv = NAT_HASH_FN(nat->nat_inip.s_addr, nat->nat_inport, + ipf_nattable_sz); natp = &nat_table[0][hv]; if (*natp) (*natp)->nat_phnext[0] = &nat->nat_hnext[0]; @@ -1970,9 +1973,8 @@ u_int hv; nat->nat_hnext[0] = *natp; *natp = nat; - /* - * Add into the NAT table in the new position - */ + hv = NAT_HASH_FN(nat->nat_outip.s_addr, nat->nat_outport, + ipf_nattable_sz); natp = &nat_table[1][hv]; if (*natp) (*natp)->nat_phnext[1] = &nat->nat_hnext[1]; @@ -2019,7 +2021,7 @@ u_32_t ports; (nat->nat_oport == dport || nflags & FI_W_DPORT)))) return nat; } - if (!nat_wilds || !(flags & IPN_TCPUDP)) + if (!nat_stats.ns_wilds || !(flags & IPN_TCPUDP)) return NULL; RWLOCK_EXIT(&ipf_nat); hv = NAT_HASH_FN(srcip, 0, ipf_nattable_sz); @@ -2038,8 +2040,7 @@ u_32_t ports; continue; if (((nat->nat_inport == sport) || (nflags & FI_W_DPORT)) && ((nat->nat_oport == dport) || (nflags & FI_W_SPORT))) { - hv = NAT_HASH_FN(srcip, sport, ipf_nattable_sz); - nat_tabmove(nat, hv); + nat_tabmove(nat); break; } } @@ -2180,7 +2181,7 @@ fr_info_t *fin; nat->nat_outport = sport; nat->nat_flags &= ~(FI_W_DPORT|FI_W_SPORT); nflags = nat->nat_flags; - nat_wilds--; + nat_stats.ns_wilds--; } } else { RWLOCK_EXIT(&ipf_nat); @@ -2393,7 +2394,7 @@ fr_info_t *fin; nat->nat_outport = dport; nat->nat_flags &= ~(FI_W_SPORT|FI_W_DPORT); nflags = nat->nat_flags; - nat_wilds--; + nat_stats.ns_wilds--; } } else { RWLOCK_EXIT(&ipf_nat); diff --git a/sys/netinet/ip_nat.h b/sys/netinet/ip_nat.h index 4b24d81..da192b3 100644 --- a/sys/netinet/ip_nat.h +++ b/sys/netinet/ip_nat.h @@ -208,6 +208,7 @@ typedef struct natstat { u_int ns_rultab_sz; u_int ns_rdrtab_sz; nat_t *ns_instances; + u_int ns_wilds; } natstat_t; #define IPN_ANY 0x000 diff --git a/sys/netinet/ip_raudio_pxy.c b/sys/netinet/ip_raudio_pxy.c index ee527a3..8b2c231 100644 --- a/sys/netinet/ip_raudio_pxy.c +++ b/sys/netinet/ip_raudio_pxy.c @@ -265,6 +265,7 @@ nat_t *nat; tcp2->th_off = 5; fi.fin_dp = (char *)tcp2; fi.fin_fr = &raudiofr; + fi.fin_dlen = sizeof(*tcp2); tcp2->th_win = htons(8192); slen = ip->ip_len; ip->ip_len = fin->fin_hlen + sizeof(*tcp); diff --git a/sys/netinet/ip_rcmd_pxy.c b/sys/netinet/ip_rcmd_pxy.c index 112171f..5baabbf 100644 --- a/sys/netinet/ip_rcmd_pxy.c +++ b/sys/netinet/ip_rcmd_pxy.c @@ -1,5 +1,5 @@ /* - * $Id: ip_rcmd_pxy.c,v 1.4.2.2 2000/07/15 12:38:30 darrenr Exp $ + * $Id: ip_rcmd_pxy.c,v 1.4.2.3 2000/10/27 22:54:04 darrenr Exp $ */ /* * Simple RCMD transparent proxy for in-kernel use. For use with the NAT @@ -147,6 +147,7 @@ nat_t *nat; fi.fin_data[0] = ntohs(sp); fi.fin_data[1] = 0; fi.fin_dp = (char *)tcp2; + fi.fin_dlen = sizeof(*tcp2); swip = ip->ip_src; ip->ip_src = nat->nat_inip; ipn = nat_new(nat->nat_ptr, ip, &fi, IPN_TCP|FI_W_DPORT, diff --git a/sys/netinet/ip_state.c b/sys/netinet/ip_state.c index ec0fb7c..1e4c851 100644 --- a/sys/netinet/ip_state.c +++ b/sys/netinet/ip_state.c @@ -1188,6 +1188,7 @@ u_int hv; * ...and put the hash in the new one. */ hvm = hv % fr_statesize; + is->is_hv = hvm; isp = &ips_table[hvm]; if (*isp) (*isp)->is_phnext = &is->is_hnext; diff --git a/sys/netinet/ipl.h b/sys/netinet/ipl.h index 67cbf31..94bae8d 100644 --- a/sys/netinet/ipl.h +++ b/sys/netinet/ipl.h @@ -12,6 +12,6 @@ #ifndef __IPL_H__ #define __IPL_H__ -#define IPL_VERSION "IP Filter: v3.4.12" +#define IPL_VERSION "IP Filter: v3.4.13" #endif |