diff options
Diffstat (limited to 'sys/contrib/ipfilter/netinet/fil.c')
-rw-r--r-- | sys/contrib/ipfilter/netinet/fil.c | 93 |
1 files changed, 39 insertions, 54 deletions
diff --git a/sys/contrib/ipfilter/netinet/fil.c b/sys/contrib/ipfilter/netinet/fil.c index a981fcb..96432a1 100644 --- a/sys/contrib/ipfilter/netinet/fil.c +++ b/sys/contrib/ipfilter/netinet/fil.c @@ -3,7 +3,7 @@ * * See the IPFILTER.LICENCE file for details on licencing. */ -#if defined(__sgi) && (IRIX > 602) +#ifdef __sgi # include <sys/ptimers.h> #endif #include <sys/errno.h> @@ -95,9 +95,11 @@ #endif #include "netinet/ipl.h" +#include <machine/in_cksum.h> + #if !defined(lint) static const char sccsid[] = "@(#)fil.c 1.36 6/5/96 (C) 1993-2000 Darren Reed"; -static const char rcsid[] = "@(#)$Id: fil.c,v 2.35.2.67 2002/12/06 13:28:05 darrenr Exp $"; +static const char rcsid[] = "@(#)$FreeBSD$"; #endif #ifndef _KERNEL @@ -699,8 +701,7 @@ void *m; if (!fr_tcpudpchk(&fr->fr_tuc, fin)) continue; } else if (fr->fr_icmpm || fr->fr_icmp) { - if (((fi->fi_p != IPPROTO_ICMP) && - (fi->fi_p != IPPROTO_ICMPV6)) || off || + if ((fi->fi_p != IPPROTO_ICMP) || off || (fin->fin_dlen < 2)) continue; if ((fin->fin_data[0] & fr->fr_icmpm) != fr->fr_icmp) { @@ -815,26 +816,6 @@ int out; # endif int up; -# if !SOLARIS && !defined(NETBSD_PF) && \ - ((defined(__FreeBSD__) && (__FreeBSD_version < 500011)) || \ - defined(__OpenBSD__) || defined(_BSDI_VERSION)) - if (fr_checkp != fr_check && fr_running > 0) { - static int counter = 0; - - if (counter == 0) { - printf("WARNING: fr_checkp corrupt: value %lx\n", - (u_long)fr_checkp); - printf("WARNING: fr_checkp should be %lx\n", - (u_long)fr_check); - printf("WARNING: fixing fr_checkp\n"); - } - fr_checkp = fr_check; - counter++; - if (counter == 10000) - counter = 0; - } -# endif - # ifdef M_CANFASTFWD /* * XXX For now, IP Filter and fast-forwarding of cached flows @@ -940,6 +921,15 @@ int out; # endif #endif /* _KERNEL */ +#ifndef __FreeBSD__ + /* + * Be careful here: ip_id is in network byte order when called + * from ip_output() + */ + if ((out) && (v == 4)) + ip->ip_id = ntohs(ip->ip_id); +#endif + changed = 0; fin->fin_ifp = ifp; fin->fin_v = v; @@ -1182,6 +1172,11 @@ logit: } #endif /* IPFILTER_LOG */ +#ifndef __FreeBSD__ + if ((out) && (v == 4)) + ip->ip_id = htons(ip->ip_id); +#endif + #ifdef _KERNEL /* * Only allow FR_DUP to work if a rule matched - it makes no sense to @@ -1193,7 +1188,7 @@ logit: mc = dupmsg(m); # else # if defined(__OpenBSD__) && (OpenBSD >= 199905) - mc = m_copym2(m, 0, M_COPYALL, M_DONTWAIT); + mc = m_copym2(m, 0, M_COPYALL, M_NOWAIT); # else mc = m_copy(m, 0, M_COPYALL); # endif @@ -1531,7 +1526,7 @@ nodata: * SUCH DAMAGE. * * @(#)uipc_mbuf.c 8.2 (Berkeley) 1/4/94 - * $Id: fil.c,v 2.35.2.67 2002/12/06 13:28:05 darrenr Exp $ + * $Id: fil.c,v 2.35.2.63 2002/08/28 12:40:08 darrenr Exp $ */ /* * Copy data from an mbuf chain starting "off" bytes from the beginning, @@ -1592,7 +1587,7 @@ m_copyback(m0, off, len, cp) off -= mlen; totlen += mlen; if (m->m_next == 0) { - n = m_getclr(M_DONTWAIT, m->m_type); + n = m_getclr(M_NOWAIT, m->m_type); if (n == 0) goto out; n->m_len = min(MLEN, len + off); @@ -1611,7 +1606,7 @@ m_copyback(m0, off, len, cp) if (len == 0) break; if (m->m_next == 0) { - n = m_get(M_DONTWAIT, m->m_type); + n = m_get(M_NOWAIT, m->m_type); if (n == 0) break; n->m_len = min(MLEN, len); @@ -1737,9 +1732,9 @@ frentry_t **listp; } -int frflush(unit, proto, flags) +int frflush(unit, flags) minor_t unit; -int proto, flags; +int flags; { int flushed = 0, set; @@ -1754,35 +1749,19 @@ int proto, flags; if (flags & FR_OUTQUE) { #ifdef USE_INET6 - if (proto == 0 || proto == 6) { - (void) frflushlist(set, unit, - &flushed, &ipfilter6[1][set]); - (void) frflushlist(set, unit, - &flushed, &ipacct6[1][set]); - } + (void) frflushlist(set, unit, &flushed, &ipfilter6[1][set]); + (void) frflushlist(set, unit, &flushed, &ipacct6[1][set]); #endif - if (proto == 0 || proto == 4) { - (void) frflushlist(set, unit, - &flushed, &ipfilter[1][set]); - (void) frflushlist(set, unit, - &flushed, &ipacct[1][set]); - } + (void) frflushlist(set, unit, &flushed, &ipfilter[1][set]); + (void) frflushlist(set, unit, &flushed, &ipacct[1][set]); } if (flags & FR_INQUE) { #ifdef USE_INET6 - if (proto == 0 || proto == 6) { - (void) frflushlist(set, unit, - &flushed, &ipfilter6[0][set]); - (void) frflushlist(set, unit, - &flushed, &ipacct6[0][set]); - } + (void) frflushlist(set, unit, &flushed, &ipfilter6[0][set]); + (void) frflushlist(set, unit, &flushed, &ipacct6[0][set]); #endif - if (proto == 0 || proto == 4) { - (void) frflushlist(set, unit, - &flushed, &ipfilter[0][set]); - (void) frflushlist(set, unit, - &flushed, &ipacct[0][set]); - } + (void) frflushlist(set, unit, &flushed, &ipfilter[0][set]); + (void) frflushlist(set, unit, &flushed, &ipacct[0][set]); } RWLOCK_EXIT(&ipf_mutex); return flushed; @@ -1984,6 +1963,9 @@ void frsync() (defined(__FreeBSD_version) && (__FreeBSD_version >= 300000)) # if (NetBSD >= 199905) || defined(__OpenBSD__) for (ifp = ifnet.tqh_first; ifp; ifp = ifp->if_list.tqe_next) +# elif defined(__FreeBSD_version) && (__FreeBSD_version >= 500043) + IFNET_RLOCK(); + TAILQ_FOREACH(ifp, &ifnet, if_link) # else for (ifp = ifnet.tqh_first; ifp; ifp = ifp->if_link.tqe_next) # endif @@ -1994,6 +1976,9 @@ void frsync() ip_natsync(ifp); ip_statesync(ifp); } +# if defined(__FreeBSD_version) && (__FreeBSD_version >= 500043) + IFNET_RUNLOCK(); +# endif ip_natsync((struct ifnet *)-1); # endif /* !SOLARIS */ |