From d3c4500dd0fe079f0851ccedbe2aaf5c512a5f7b Mon Sep 17 00:00:00 2001
From: ru <ru@FreeBSD.org>
Date: Fri, 6 Oct 2000 12:12:09 +0000
Subject: As we now may check the TCP header window field, make sure we pullup
 enough into the mbuf data area.  Solve this problem once and for all by
 pulling up the entire (standard) header for TCP and UDP, and four bytes of
 header for ICMP (enough for type, code and cksum fields).

---
 sys/netinet/ip_fw.c | 8 ++++----
 1 file changed, 4 insertions(+), 4 deletions(-)

(limited to 'sys/netinet')

diff --git a/sys/netinet/ip_fw.c b/sys/netinet/ip_fw.c
index 57bc845..e81b159 100644
--- a/sys/netinet/ip_fw.c
+++ b/sys/netinet/ip_fw.c
@@ -991,7 +991,7 @@ ip_fw_chk(struct ip **pip, int hlen,
 	     */
 	    switch (proto) {
 	    case IPPROTO_TCP :
-		PULLUP_TO(hlen + 14);
+		PULLUP_TO(hlen + sizeof(struct tcphdr));
 		tcp =(struct tcphdr *)((u_int32_t *)ip + ip->ip_hl);
 		dst_port = tcp->th_dport ;
 		src_port = tcp->th_sport ;
@@ -999,20 +999,20 @@ ip_fw_chk(struct ip **pip, int hlen,
 		break ;
 
 	    case IPPROTO_UDP :
-		PULLUP_TO(hlen + 4);
+		PULLUP_TO(hlen + sizeof(struct udphdr));
 		udp =(struct udphdr *)((u_int32_t *)ip + ip->ip_hl);
 		dst_port = udp->uh_dport ;
 		src_port = udp->uh_sport ;
 		break;
 
 	    case IPPROTO_ICMP:
-		PULLUP_TO(hlen + 2);
+		PULLUP_TO(hlen + 4);	/* type, code and checksum. */
 		flags = ((struct icmp *)
 			((u_int32_t *)ip + ip->ip_hl))->icmp_type ;
 		break ;
 
 	    default :
-		src_port = dst_port = 0 ;
+		break;
 	    }
 #undef PULLUP_TO
 	    last_pkt.src_ip = ntohl(src_ip.s_addr) ;
-- 
cgit v1.1