Aren
/
NetBSD
1
0
Fork 0
Code Issues Pull Requests Packages Projects Releases Wiki Activity

Resync with official IPF

This commit is contained in:
martti 2002-09-19 08:12:43 +00:00
parent 5b3c5dc17f
commit b69124b84c
13 changed files with 116 additions and 119 deletions
Show Stats Download Patch File Download Diff File Expand all files Collapse all files

17
sys/netinet/fil.c
View File

@ -1,4 +1,4 @@
/* $NetBSD: fil.c,v 1.57 2002/09/19 08:09:10 martti Exp $ */
/* $NetBSD: fil.c,v 1.58 2002/09/19 08:12:43 martti Exp $ */
/*
* Copyright (C) 1993-2001 by Darren Reed.
@ -100,7 +100,7 @@
#if !defined(lint)
#if defined(__NetBSD__)
#include <sys/cdefs.h>
__KERNEL_RCSID(0, "$NetBSD: fil.c,v 1.57 2002/09/19 08:09:10 martti Exp $");
__KERNEL_RCSID(0, "$NetBSD: fil.c,v 1.58 2002/09/19 08:12:43 martti Exp $");
#else
static const char sccsid[] = "@(#)fil.c 1.36 6/5/96 (C) 1993-2000 Darren Reed";
static const char rcsid[] = "@(#)Id: fil.c,v 2.35.2.63 2002/08/28 12:40:08 darrenr Exp";
@ -152,9 +152,6 @@ static int frflushlist __P((int, minor_t, int *, frentry_t **));
#ifdef _KERNEL
static void frsynclist __P((frentry_t *));
#endif
#ifndef _KERNEL
int mbuflen(mb_t *);
#endif
/*
@ -616,7 +613,7 @@ void *m;
#endif
FR_VERBOSE(("%c", fr->fr_skip ? 's' :
(pass & FR_PASS) ? 'p' :
(pass & FR_PASS) ? 'p' :
(pass & FR_AUTH) ? 'a' :
(pass & FR_ACCOUNT) ? 'A' :
(pass & FR_NOMATCH) ? 'n' : 'b'));
@ -928,7 +925,7 @@ int out;
fin->fin_qif = qif;
# endif
#endif /* _KERNEL */
changed = 0;
fin->fin_ifp = ifp;
fin->fin_v = v;
@ -1676,10 +1673,10 @@ minor_t which;
int set;
{
frgroup_t *fg, **fgp;
if (!(fg = fr_findgroup(num, flags, which, set, &fgp)))
return;
*fgp = fg->fg_next;
KFREE(fg);
}
@ -1711,7 +1708,7 @@ frentry_t **listp;
ATOMIC_DEC32(fp->fr_ref);
if (fp->fr_grhead) {
fr_delgroup(fp->fr_grhead, fp->fr_flags,
fr_delgroup(fp->fr_grhead, fp->fr_flags,
unit, set);
fp->fr_grhead = 0;
}

6
sys/netinet/ip_auth.c
View File

@ -1,4 +1,4 @@
/* $NetBSD: ip_auth.c,v 1.29 2002/09/19 08:09:11 martti Exp $ */
/* $NetBSD: ip_auth.c,v 1.30 2002/09/19 08:12:45 martti Exp $ */
/*
* Copyright (C) 1998-2001 by Darren Reed & Guido van Rooij.
@ -108,7 +108,7 @@ extern struct ifqueue ipintrq; /* ip packet input queue */
#if !defined(lint)
#if defined(__NetBSD__)
#include <sys/cdefs.h>
__KERNEL_RCSID(0, "$NetBSD: ip_auth.c,v 1.29 2002/09/19 08:09:11 martti Exp $");
__KERNEL_RCSID(0, "$NetBSD: ip_auth.c,v 1.30 2002/09/19 08:12:45 martti Exp $");
#else
static const char rcsid[] = "@(#)Id: ip_auth.c,v 2.11.2.20 2002/06/04 14:40:42 darrenr Exp";
#endif
@ -503,7 +503,7 @@ fr_authioctlloop:
/*
* If we experience an error which will result in the packet
* not being processed, make sure we advance to the next one.
*/
*/
if (error == ENOBUFS) {
fr_authused--;
fra->fra_index = -1;

8
sys/netinet/ip_compat.h
View File

@ -1,4 +1,4 @@
/* $NetBSD: ip_compat.h,v 1.30 2002/09/19 08:09:11 martti Exp $ */
/* $NetBSD: ip_compat.h,v 1.31 2002/09/19 08:12:46 martti Exp $ */
/*
* Copyright (C) 1993-2001 by Darren Reed.
@ -258,8 +258,8 @@ typedef u_int32_t u_32_t;
# include "opt_inet6.h"
# endif
# ifdef INET6
# define USE_INET6
# endif
# define USE_INET6
# endif
# endif
# if !defined(_KERNEL) && !defined(IPFILTER_LKM) && !defined(USE_INET6)
# if (defined(__FreeBSD_version) && (__FreeBSD_version >= 400000)) || \
@ -1087,7 +1087,7 @@ typedef struct uio {
# define SPL_X(x)
# define SPL_NET(x)
# define SPL_IMP(x)
# define bcmp(a,b,c) memcmp(a,b,c)
# define bcopy(a,b,c) memcpy(b,a,c)
# define bzero(a,c) memset(a,0,c)

17
sys/netinet/ip_fil.c
View File

@ -1,4 +1,4 @@
/* $NetBSD: ip_fil.c,v 1.85 2002/09/19 08:09:12 martti Exp $ */
/* $NetBSD: ip_fil.c,v 1.86 2002/09/19 08:12:47 martti Exp $ */
/*
* Copyright (C) 1993-2001 by Darren Reed.
@ -123,7 +123,7 @@ extern int ip_optcopy __P((struct ip *, struct ip *));
#if !defined(lint)
#if defined(__NetBSD__)
#include <sys/cdefs.h>
__KERNEL_RCSID(0, "$NetBSD: ip_fil.c,v 1.85 2002/09/19 08:09:12 martti Exp $");
__KERNEL_RCSID(0, "$NetBSD: ip_fil.c,v 1.86 2002/09/19 08:12:47 martti Exp $");
#else
static const char sccsid[] = "@(#)ip_fil.c 2.41 6/5/96 (C) 1993-2000 Darren Reed";
static const char rcsid[] = "@(#)Id: ip_fil.c,v 2.42.2.60 2002/08/28 12:40:39 darrenr Exp";
@ -199,6 +199,15 @@ struct timeout ipfr_slowtimer_ch;
toid_t ipfr_slowtimer_ch;
#endif
#if defined(__NetBSD__) && (__NetBSD_Version__ >= 106080000) && \
defined(_KERNEL)
#include <sys/conf.h>
const struct cdevsw ipl_cdevsw = {
iplopen, iplclose, iplread, nowrite, iplioctl,
nostop, notty, nopoll, nommap,
};
#endif
#if (_BSDI_VERSION >= 199510) && defined(_KERNEL)
# include <sys/device.h>
# include <sys/conf.h>
@ -291,7 +300,7 @@ struct mbuf **mp;
struct ifnet *ifp;
int dir;
{
return (fr_check(mtod(*mp, struct ip *), sizeof(struct ip6_hdr),
ifp, (dir == PFIL_OUT), mp));
}
@ -1834,7 +1843,7 @@ sendorfree:
else
m_freem(m);
}
}
}
done:
if (!error)
ipl_frouteok[0]++;

7
sys/netinet/ip_fil.h
View File

@ -1,4 +1,4 @@
/* $NetBSD: ip_fil.h,v 1.46 2002/09/19 08:09:13 martti Exp $ */
/* $NetBSD: ip_fil.h,v 1.47 2002/09/19 08:12:48 martti Exp $ */
/*
* Copyright (C) 1993-2002 by Darren Reed.
@ -416,7 +416,8 @@ typedef struct frgroup {
typedef struct iplog {
u_32_t ipl_magic;
u_int ipl_count;
struct timeval ipl_time;
u_long ipl_sec;
u_long ipl_usec;
size_t ipl_dsize;
struct iplog *ipl_next;
} iplog_t;
@ -643,7 +644,7 @@ extern int fr_minttllog;
extern fr_info_t frcache[2];
extern char ipfilter_version[];
extern iplog_t **iplh[IPL_LOGMAX+1], *iplt[IPL_LOGMAX+1];
extern u_32_t iplused[IPL_LOGMAX + 1];
extern size_t iplused[IPL_LOGMAX + 1];
extern struct frentry *ipfilter[2][2], *ipacct[2][2];
#ifdef USE_INET6
extern struct frentry *ipfilter6[2][2], *ipacct6[2][2];

12
sys/netinet/ip_frag.c
View File

@ -1,4 +1,4 @@
/* $NetBSD: ip_frag.c,v 1.33 2002/09/19 08:09:14 martti Exp $ */
/* $NetBSD: ip_frag.c,v 1.34 2002/09/19 08:12:49 martti Exp $ */
/*
* Copyright (C) 1993-2001 by Darren Reed.
@ -93,7 +93,7 @@ extern struct timeout ipfr_slowtimer_ch;
#if !defined(lint)
#if defined(__NetBSD__)
#include <sys/cdefs.h>
__KERNEL_RCSID(0, "$NetBSD: ip_frag.c,v 1.33 2002/09/19 08:09:14 martti Exp $");
__KERNEL_RCSID(0, "$NetBSD: ip_frag.c,v 1.34 2002/09/19 08:12:49 martti Exp $");
#else
static const char sccsid[] = "@(#)ip_frag.c 1.11 3/24/96 (C) 1993-2000 Darren Reed";
static const char rcsid[] = "@(#)Id: ip_frag.c,v 2.10.2.24 2002/08/28 12:41:04 darrenr Exp";
@ -216,7 +216,7 @@ ipfr_t *table[];
/*
* Compute the offset of the expected start of the next packet.
*/
off = ntohs(ip->ip_off) & IP_OFFMASK;
off = ip->ip_off & IP_OFFMASK;
if (!off)
fra->ipfr_seen0 = 1;
fra->ipfr_off = off + (fin->fin_dlen >> 3);
@ -284,7 +284,7 @@ ipfr_t *table[];
{
ipfr_t *f, frag;
u_int idx;
/*
* For fragments, we record protocol, packet id, TOS and both IP#'s
* (these should all be the same for all fragments of a packet).
@ -348,7 +348,7 @@ ipfr_t *table[];
* last (in order), shrink expiration time.
*/
if (off == f->ipfr_off) {
if (!(ip->ip_off & htons(IP_MF)))
if (!(ip->ip_off & IP_MF))
f->ipfr_ttl = 1;
else
f->ipfr_off = atoff;
@ -586,7 +586,7 @@ void ipfr_slowtimer()
#if defined(_KERNEL) && SOLARIS
extern int fr_running;
if (fr_running <= 0)
if (fr_running <= 0)
return;
READ_ENTER(&ipf_solaris);
#endif

8
sys/netinet/ip_ftp_pxy.c
View File

@ -1,7 +1,7 @@
/* $NetBSD: ip_ftp_pxy.c,v 1.25 2002/09/19 08:09:15 martti Exp $ */
/* $NetBSD: ip_ftp_pxy.c,v 1.26 2002/09/19 08:12:50 martti Exp $ */
#include <sys/cdefs.h>
__KERNEL_RCSID(1, "$NetBSD: ip_ftp_pxy.c,v 1.25 2002/09/19 08:09:15 martti Exp $");
__KERNEL_RCSID(1, "$NetBSD: ip_ftp_pxy.c,v 1.26 2002/09/19 08:12:50 martti Exp $");
/*
* Simple FTP transparent proxy for in-kernel use. For use with the NAT
@ -44,10 +44,6 @@ extern kmutex_t ipf_rw;
#define FTPXY_PASS_2 14
#define FTPXY_PAOK_2 15
#ifndef _KERNEL
extern int mbuflen(mb_t *);
#endif
int ippr_ftp_client __P((fr_info_t *, ip_t *, nat_t *, ftpinfo_t *, int));
int ippr_ftp_complete __P((char *, size_t));
int ippr_ftp_in __P((fr_info_t *, ip_t *, ap_session_t *, nat_t *));

38
sys/netinet/ip_h323_pxy.c
View File

@ -1,8 +1,8 @@
/* $NetBSD: ip_h323_pxy.c,v 1.5 2002/09/19 08:09:16 martti Exp $ */
/* $NetBSD: ip_h323_pxy.c,v 1.6 2002/09/19 08:12:51 martti Exp $ */
/*
* Copyright 2001, QNX Software Systems Ltd. All Rights Reserved
*
*
* This source code has been published by QNX Software Systems Ltd. (QSSL).
* However, any use, reproduction, modification, distribution or transfer of
* this software, or any software which includes or is based upon any of this
@ -16,7 +16,7 @@
/*
* Simple H.323 proxy
*
*
* by xtang@canada.com
* ported to ipfilter 3.4.20 by Michael Grant mg-ipf@grant.org
*/
@ -28,7 +28,7 @@
# include <sys/ioctl.h>
#endif
__KERNEL_RCSID(1, "$NetBSD: ip_h323_pxy.c,v 1.5 2002/09/19 08:09:16 martti Exp $");
__KERNEL_RCSID(1, "$NetBSD: ip_h323_pxy.c,v 1.6 2002/09/19 08:12:51 martti Exp $");
#define IPF_H323_PROXY
@ -63,7 +63,7 @@ unsigned short *port;
if (datlen < 6)
return -1;
*port = 0;
offset = *off;
dp = (u_char *)data;
@ -78,7 +78,7 @@ unsigned short *port;
}
}
*off = offset;
return (offset > datlen - 6) ? -1 : 0;
return (offset > datlen - 6) ? -1 : 0;
}
/*
@ -112,13 +112,13 @@ ap_session_t *aps;
{
int i;
ipnat_t *ipn;
if (aps->aps_data) {
for (i = 0, ipn = aps->aps_data;
i < (aps->aps_psiz / sizeof(ipnat_t));
i < (aps->aps_psiz / sizeof(ipnat_t));
i++, ipn = (ipnat_t *)((char *)ipn + sizeof(*ipn)))
{
/*
/*
* Check the comment in ippr_h323_in() function,
* just above nat_ioctl() call.
* We are lucky here because this function is not
@ -158,10 +158,10 @@ nat_t *nat;
unsigned short port;
unsigned char *data;
tcphdr_t *tcp;
tcp = (tcphdr_t *)fin->fin_dp;
ipaddr = ip->ip_src.s_addr;
data = (unsigned char *)tcp + (tcp->th_off << 2);
datlen = fin->fin_dlen - (tcp->th_off << 2);
if (find_port(ipaddr, data, datlen, &off, &port) == 0) {
@ -179,17 +179,17 @@ nat_t *nat;
ipn = (ipnat_t *)&newarray[aps->aps_psiz];
bcopy(nat->nat_ptr, ipn, sizeof(ipnat_t));
strncpy(ipn->in_plabel, "h245", APR_LABELLEN);
ipn->in_inip = nat->nat_inip.s_addr;
ipn->in_inmsk = 0xffffffff;
ipn->in_dport = htons(port);
/*
/*
* we got a problem here. we need to call nat_ioctl() to add
* the h245 proxy rule, but since we already hold (READ locked)
* the nat table rwlock (ipf_nat), if we go into nat_ioctl(),
* it will try to WRITE lock it. This will causing dead lock
* on RTP.
*
*
* The quick & dirty solution here is release the read lock,
* call nat_ioctl() and re-lock it.
* A (maybe better) solution is do a UPGRADE(), and instead
@ -241,7 +241,7 @@ nat_t *nat;
u_short port;
unsigned char *data;
tcphdr_t *tcp;
tcp = (tcphdr_t *)fin->fin_dp;
ipaddr = nat->nat_inip.s_addr;
data = (unsigned char *)tcp + (tcp->th_off << 2);
@ -256,21 +256,21 @@ nat_t *nat;
if (ipn == NULL) {
struct ip newip;
struct udphdr udp;
bcopy(ip, &newip, sizeof(newip));
newip.ip_len = fin->fin_hlen + sizeof(udp);
newip.ip_p = IPPROTO_UDP;
newip.ip_src = nat->nat_inip;
bzero(&udp, sizeof(udp));
udp.uh_sport = port;
bcopy(fin, &fi, sizeof(fi));
fi.fin_fi.fi_p = IPPROTO_UDP;
fi.fin_data[0] = port;
fi.fin_data[1] = 0;
fi.fin_dp = (char *)&udp;
ipn = nat_new(&fi, &newip, nat->nat_ptr, NULL,
IPN_UDP|FI_W_DPORT, NAT_OUTBOUND);
if (ipn != NULL) {

20
sys/netinet/ip_log.c
View File

@ -1,4 +1,4 @@
/* $NetBSD: ip_log.c,v 1.21 2002/07/01 13:55:35 christos Exp $ */
/* $NetBSD: ip_log.c,v 1.22 2002/09/19 08:12:51 martti Exp $ */
/*
* Copyright (C) 1997-2001 by Darren Reed.
@ -9,7 +9,7 @@
*/
#include <sys/cdefs.h>
__KERNEL_RCSID(0, "$NetBSD: ip_log.c,v 1.21 2002/07/01 13:55:35 christos Exp $");
__KERNEL_RCSID(0, "$NetBSD: ip_log.c,v 1.22 2002/09/19 08:12:51 martti Exp $");
#include <sys/param.h>
#if defined(KERNEL) && !defined(_KERNEL)
@ -133,7 +133,7 @@ extern kcondvar_t iplwait;
# endif
iplog_t **iplh[IPL_LOGMAX+1], *iplt[IPL_LOGMAX+1], *ipll[IPL_LOGMAX+1];
u_32_t iplused[IPL_LOGMAX+1];
size_t iplused[IPL_LOGMAX+1];
static fr_info_t iplcrc[IPL_LOGMAX+1];
@ -195,7 +195,7 @@ mb_t *m;
struct icmp *icmp;
icmp = (struct icmp *)fin->fin_dp;
/*
* For ICMP, if the packet is an error packet, also
* include the information about the packet which
@ -288,7 +288,7 @@ int *types, cnt;
iplog_t *ipl;
size_t len;
int i;
/*
* Check to see if this log record has a CRC which matches the last
* record logged. If it does, just up the count on the previous one
@ -340,15 +340,15 @@ int *types, cnt;
ipl->ipl_dsize = len;
# ifdef _KERNEL
# if SOLARIS || defined(sun)
uniqtime(&ipl->ipl_time);
uniqtime((struct timeval *)&ipl->ipl_sec);
# else
# if BSD >= 199306 || defined(__FreeBSD__) || defined(__sgi)
microtime(&ipl->ipl_time);
microtime((struct timeval *)&ipl->ipl_sec);
# endif
# endif
# else
ipl->ipl_time.tv_sec = 0;
ipl->ipl_time.tv_usec = 0;
ipl->ipl_sec = 0;
ipl->ipl_usec = 0;
# endif
/*
@ -403,7 +403,7 @@ struct uio *uio;
return 0;
if (uio->uio_resid < IPLOG_SIZE)
return EINVAL;
/*
* Lock the log so we can snapshot the variables. Wait for a signal
* if the log is empty.

68
sys/netinet/ip_nat.c
View File

@ -1,4 +1,4 @@
/* $NetBSD: ip_nat.c,v 1.52 2002/09/19 08:09:16 martti Exp $ */
/* $NetBSD: ip_nat.c,v 1.53 2002/09/19 08:12:52 martti Exp $ */
/*
* Copyright (C) 1995-2001 by Darren Reed.
@ -112,7 +112,7 @@ extern struct ifnet vpnif;
#if !defined(lint)
#if defined(__NetBSD__)
#include <sys/cdefs.h>
__KERNEL_RCSID(0, "$NetBSD: ip_nat.c,v 1.52 2002/09/19 08:09:16 martti Exp $");
__KERNEL_RCSID(0, "$NetBSD: ip_nat.c,v 1.53 2002/09/19 08:12:52 martti Exp $");
#else
static const char sccsid[] = "@(#)ip_nat.c 1.11 6/5/96 (C) 1995 Darren Reed";
static const char rcsid[] = "@(#)Id: ip_nat.c,v 2.37.2.70 2002/08/28 12:45:48 darrenr Exp";
@ -157,6 +157,7 @@ static hostmap_t *nat_hostmap __P((ipnat_t *, struct in_addr,
static void nat_hostmapdel __P((struct hostmap *));
static void tcp_mss_clamp __P((tcphdr_t *, uint32_t, fr_info_t *, u_short *));
int nat_init()
{
KMALLOCS(nat_table[0], nat_t **, sizeof(nat_t *) * ipf_nattable_sz);
@ -370,13 +371,13 @@ u_32_t n;
* fix_datacksum is used *only* for the adjustments of checksums in the data
* section of an IP packet.
*
* The only situation in which you need to do this is when NAT'ing an
* The only situation in which you need to do this is when NAT'ing an
* ICMP error message. Such a message, contains in its body the IP header
* of the original IP packet, that causes the error.
*
* You can't use fix_incksum or fix_outcksum in that case, because for the
* kernel the data section of the ICMP error is just data, and no special
* processing like hardware cksum or ntohs processing have been done by the
* kernel the data section of the ICMP error is just data, and no special
* processing like hardware cksum or ntohs processing have been done by the
* kernel on the data section.
*/
void fix_datacksum(sp, n)
@ -1802,14 +1803,14 @@ int dir;
* Fix IP checksum of the offending IP packet to adjust for
* the change in the IP address.
*
* Normally, you would expect that the ICMP checksum of the
* Normally, you would expect that the ICMP checksum of the
* ICMP error message needs to be adjusted as well for the
* IP address change in oip.
* However, this is a NOP, because the ICMP checksum is
* However, this is a NOP, because the ICMP checksum is
* calculated over the complete ICMP packet, which includes the
* changed oip IP addresses and oip->ip_sum. However, these
* changed oip IP addresses and oip->ip_sum. However, these
* two changes cancel each other out (if the delta for
* the IP address is x, then the delta for ip_sum is minus x),
* the IP address is x, then the delta for ip_sum is minus x),
* so no change in the icmp_cksum is necessary.
*
* Be careful that nat_dir refers to the direction of the
@ -1823,7 +1824,7 @@ int dir;
*/
if (oip->ip_p == IPPROTO_UDP && udp->uh_sum) {
/*
* The UDP checksum is optional, only adjust it
* The UDP checksum is optional, only adjust it
* if it has been set.
*/
sum1 = ntohs(udp->uh_sum);
@ -1831,7 +1832,7 @@ int dir;
sum2 = ntohs(udp->uh_sum);
/*
* Fix ICMP checksum to compensate the UDP
* Fix ICMP checksum to compensate the UDP
* checksum adjustment.
*/
CALC_SUMD(sum1, sum2, sumd);
@ -1839,19 +1840,19 @@ int dir;
}
/*
* Fix TCP pseudo header checksum to compensate for the
* Fix TCP pseudo header checksum to compensate for the
* IP address change. Before we can do the change, we
* must make sure that oip is sufficient large to hold
* the TCP checksum (normally it does not!).
*/
if (oip->ip_p == IPPROTO_TCP && dlen >= 18) {
sum1 = ntohs(tcp->th_sum);
fix_datacksum(&tcp->th_sum, sumd);
sum2 = ntohs(tcp->th_sum);
/*
* Fix ICMP checksum to compensate the TCP
* Fix ICMP checksum to compensate the TCP
* checksum adjustment.
*/
CALC_SUMD(sum1, sum2, sumd);
@ -1863,14 +1864,14 @@ int dir;
* Fix IP checksum of the offending IP packet to adjust for
* the change in the IP address.
*
* Normally, you would expect that the ICMP checksum of the
* Normally, you would expect that the ICMP checksum of the
* ICMP error message needs to be adjusted as well for the
* IP address change in oip.
* However, this is a NOP, because the ICMP checksum is
* However, this is a NOP, because the ICMP checksum is
* calculated over the complete ICMP packet, which includes the
* changed oip IP addresses and oip->ip_sum. However, these
* changed oip IP addresses and oip->ip_sum. However, these
* two changes cancel each other out (if the delta for
* the IP address is x, then the delta for ip_sum is minus x),
* the IP address is x, then the delta for ip_sum is minus x),
* so no change in the icmp_cksum is necessary.
*
* Be careful that nat_dir refers to the direction of the
@ -1879,7 +1880,7 @@ int dir;
fix_datacksum(&oip->ip_sum, sumd);
/* XXX FV : without having looked at Solaris source code, it seems unlikely
* that SOLARIS would compensate this in the kernel (a body of an IP packet
* that SOLARIS would compensate this in the kernel (a body of an IP packet
* in the data section of an ICMP packet). I have the feeling that this should
* be unconditional, but I'm not in a position to check.
*/
@ -1890,29 +1891,29 @@ int dir;
*/
if (oip->ip_p == IPPROTO_UDP && udp->uh_sum) {
/*
* The UDP checksum is optional, only adjust it
* if it has been set
* The UDP checksum is optional, only adjust it
* if it has been set
*/
sum1 = ntohs(udp->uh_sum);
fix_datacksum(&udp->uh_sum, sumd);
sum2 = ntohs(udp->uh_sum);
/*
* Fix ICMP checksum to compensate the UDP
* Fix ICMP checksum to compensate the UDP
* checksum adjustment.
*/
CALC_SUMD(sum1, sum2, sumd);
sumd2 = sumd;
}
/*
* Fix TCP pseudo header checksum to compensate for the
/*
* Fix TCP pseudo header checksum to compensate for the
* IP address change. Before we can do the change, we
* must make sure that oip is sufficient large to hold
* the TCP checksum (normally it does not!).
*/
if (oip->ip_p == IPPROTO_TCP && dlen >= 18) {
sum1 = ntohs(tcp->th_sum);
fix_datacksum(&tcp->th_sum, sumd);
sum2 = ntohs(tcp->th_sum);
@ -1928,12 +1929,6 @@ int dir;
}
if ((flags & IPN_TCPUDP) != 0) {
/*
* XXX - what if this is bogus hl and we go off the end ?
* In this case, nat_icmpinlookup() will have returned NULL.
*/
tcp = (tcphdr_t *)udp;
/*
* Step 2 :
* For offending TCP/UDP IP packets, translate the ports as
@ -1982,8 +1977,8 @@ int dir;
sum2 = ntohs(udp->uh_sum);
/*
* Fix ICMP checksum to
* compensate UDP checksum
* Fix ICMP checksum to
* compensate UDP checksum
* adjustment.
*/
CALC_SUMD(sum1, sum2, sumd);
@ -2003,8 +1998,8 @@ int dir;
sum2 = ntohs(tcp->th_sum);
/*
* Fix ICMP checksum to
* compensate TCP checksum
* Fix ICMP checksum to
* compensate TCP checksum
* adjustment.
*/
CALC_SUMD(sum1, sum2, sumd);
@ -2809,7 +2804,6 @@ maskloop:
*/
if (nat->nat_age == fr_tcpclosed)
nat->nat_age = fr_tcplastack;
MUTEX_EXIT(&nat->nat_lock);
} else if (fin->fin_p == IPPROTO_UDP) {
udphdr_t *udp = (udphdr_t *)tcp;

10
sys/netinet/ip_netbios_pxy.c
View File

@ -1,4 +1,4 @@
/* $NetBSD: ip_netbios_pxy.c,v 1.3 2002/06/09 16:33:42 itojun Exp $ */
/* $NetBSD: ip_netbios_pxy.c,v 1.4 2002/09/19 08:12:53 martti Exp $ */
/*
* Simple netbios-dgm transparent proxy for in-kernel use.
@ -34,7 +34,7 @@
* Id: ip_netbios_pxy.c,v 1.1.2.3 2002/01/09 09:28:37 darrenr Exp
*/
__KERNEL_RCSID(1, "$NetBSD: ip_netbios_pxy.c,v 1.3 2002/06/09 16:33:42 itojun Exp $");
__KERNEL_RCSID(1, "$NetBSD: ip_netbios_pxy.c,v 1.4 2002/09/19 08:12:53 martti Exp $");
#define IPF_NETBIOS_PROXY
@ -78,16 +78,16 @@ nat_t *nat;
/*
* no net bios datagram could possibly be shorter than this
*/
if (dlen < 11)
if (dlen < 11)
return 0;
udp = (udphdr_t *)fin->fin_dp;
/*
/*
* move past the
* ip header;
* udp header;
* 4 bytes into the net bios dgm header.
* 4 bytes into the net bios dgm header.
* According to rfc1002, this should be the exact location of
* the source address/port
*/

16
sys/netinet/ip_proxy.c
View File

@ -1,4 +1,4 @@
/* $NetBSD: ip_proxy.c,v 1.35 2002/09/19 08:09:18 martti Exp $ */
/* $NetBSD: ip_proxy.c,v 1.36 2002/09/19 08:12:54 martti Exp $ */
/*
* Copyright (C) 1997-2002 by Darren Reed.
@ -17,8 +17,8 @@
#include <sys/param.h>
#include <sys/time.h>
#include <sys/file.h>
#if !defined(__FreeBSD_version)
# include <sys/ioctl.h>
#if !defined(__FreeBSD_version)
# include <sys/ioctl.h>
#endif
#include <sys/fcntl.h>
#if !defined(_KERNEL) && !defined(KERNEL)
@ -79,7 +79,7 @@
#if !defined(lint)
#if defined(__NetBSD__)
#include <sys/cdefs.h>
__KERNEL_RCSID(0, "$NetBSD: ip_proxy.c,v 1.35 2002/09/19 08:09:18 martti Exp $");
__KERNEL_RCSID(0, "$NetBSD: ip_proxy.c,v 1.36 2002/09/19 08:12:54 martti Exp $");
#else
static const char rcsid[] = "@(#)Id: ip_proxy.c,v 2.9.2.24 2002/08/28 12:45:51 darrenr Exp";
#endif
@ -136,10 +136,10 @@ aproxy_t ap_proxies[] = {
#endif
#ifdef IPF_H323_PROXY
{ NULL, "h323", (char)IPPROTO_TCP, 0, 0, ippr_h323_init, NULL,
ippr_h323_new, ippr_h323_del, ippr_h323_in, ippr_h323_out, NULL },
ippr_h323_new, ippr_h323_del, ippr_h323_in, ippr_h323_out, NULL },
{ NULL, "h245", (char)IPPROTO_TCP, 0, 0, ippr_h245_init, NULL,
ippr_h245_new, NULL, NULL, ippr_h245_out, NULL },
#endif
ippr_h245_new, NULL, NULL, ippr_h245_out, NULL },
#endif
{ NULL, "", '\0', 0, 0, NULL, NULL, NULL }
};
@ -431,7 +431,7 @@ ap_session_t *aps;
apr = aps->aps_apr;
if ((apr != NULL) && (apr->apr_del != NULL))
(*apr->apr_del)(aps);
if ((aps->aps_data != NULL) && (aps->aps_psiz != 0))
KFREES(aps->aps_data, aps->aps_psiz);
KFREE(aps);

8
sys/netinet/ip_state.c
View File

@ -1,4 +1,4 @@
/* $NetBSD: ip_state.c,v 1.41 2002/09/19 08:09:19 martti Exp $ */
/* $NetBSD: ip_state.c,v 1.42 2002/09/19 08:12:54 martti Exp $ */
/*
* Copyright (C) 1995-2002 by Darren Reed.
@ -96,7 +96,7 @@
#if !defined(lint)
#if defined(__NetBSD__)
#include <sys/cdefs.h>
__KERNEL_RCSID(0, "$NetBSD: ip_state.c,v 1.41 2002/09/19 08:09:19 martti Exp $");
__KERNEL_RCSID(0, "$NetBSD: ip_state.c,v 1.42 2002/09/19 08:12:54 martti Exp $");
#else
static const char sccsid[] = "@(#)ip_state.c 1.8 6/5/96 (C) 1993-2000 Darren Reed";
static const char rcsid[] = "@(#)Id: ip_state.c,v 2.30.2.74 2002/07/27 15:58:10 darrenr Exp";
@ -1026,7 +1026,7 @@ tcphdr_t *tcp;
idx = (out << 1) + rev;
if ((is->is_ifp[idx] == NULL &&
if ((is->is_ifp[idx] == NULL &&
(*is->is_ifname[idx] == '\0' || *is->is_ifname[idx] == '*')) ||
is->is_ifp[idx] == ifp)
ret = 1;
@ -1294,7 +1294,7 @@ fr_info_t *fin;
}
RWLOCK_EXIT(&ipf_state);
return fr;
case IPPROTO_TCP :
case IPPROTO_UDP :
if (fin->fin_plen < ICMPERR_MAXPKTLEN)