| fil.c (67564) | fil.c (67614) |
|---|---|
| 1/* 2 * Copyright (C) 1993-2000 by Darren Reed. 3 * 4 * Redistribution and use in source and binary forms are permitted 5 * provided that this notice is preserved and due credit is given 6 * to the original author and the contributors. 7 */ 8#if !defined(lint) 9static const char sccsid[] = "@(#)fil.c 1.36 6/5/96 (C) 1993-1996 Darren Reed"; 10/* static const char rcsid[] = "@(#)$Id: fil.c,v 2.3.2.16 2000/01/27 08:49:37 darrenr Exp $"; */ | 1/* 2 * Copyright (C) 1993-2000 by Darren Reed. 3 * 4 * Redistribution and use in source and binary forms are permitted 5 * provided that this notice is preserved and due credit is given 6 * to the original author and the contributors. 7 */ 8#if !defined(lint) 9static const char sccsid[] = "@(#)fil.c 1.36 6/5/96 (C) 1993-1996 Darren Reed"; 10/* static const char rcsid[] = "@(#)$Id: fil.c,v 2.3.2.16 2000/01/27 08:49:37 darrenr Exp $"; */ |
| 11static const char rcsid[] = "@(#)$FreeBSD: head/sys/contrib/ipfilter/netinet/fil.c 67564 2000-10-25 10:56:41Z ru $"; | 11static const char rcsid[] = "@(#)$FreeBSD: head/sys/contrib/ipfilter/netinet/fil.c 67614 2000-10-26 12:33:42Z darrenr $"; |
| 12#endif 13 14#include <sys/errno.h> 15#include <sys/types.h> 16#include <sys/param.h> 17#include <sys/time.h> 18#include <sys/file.h> 19#if defined(__NetBSD__) && (NetBSD >= 199905) && !defined(IPFILTER_LKM) && \ --- 252 unchanged lines hidden (view full) --- 272 273 switch (p) 274 { 275 case IPPROTO_ICMP : 276 { 277 int minicmpsz = sizeof(struct icmp); 278 icmphdr_t *icmp; 279 | 12#endif 13 14#include <sys/errno.h> 15#include <sys/types.h> 16#include <sys/param.h> 17#include <sys/time.h> 18#include <sys/file.h> 19#if defined(__NetBSD__) && (NetBSD >= 199905) && !defined(IPFILTER_LKM) && \ --- 252 unchanged lines hidden (view full) --- 272 273 switch (p) 274 { 275 case IPPROTO_ICMP : 276 { 277 int minicmpsz = sizeof(struct icmp); 278 icmphdr_t *icmp; 279 |
| 280 if (fin->fin_dlen > 1) 281 fin->fin_data[0] = *(u_short *)tcp; 282 283 if ((!(plen >= hlen + minicmpsz) && !off) || 284 (off && off < sizeof(struct icmp))) { 285 fi->fi_fl |= FI_SHORT; 286 if (fin->fin_dlen < 2) 287 break; 288 } 289 |
|
| 280 icmp = (icmphdr_t *)tcp; 281 282 if (!off && (icmp->icmp_type == ICMP_ECHOREPLY || 283 icmp->icmp_type == ICMP_ECHO)) 284 minicmpsz = ICMP_MINLEN; 285 286 /* type(1) + code(1) + cksum(2) + id(2) seq(2) + 287 * 3*timestamp(3*4) */ 288 else if (!off && (icmp->icmp_type == ICMP_TSTAMP || 289 icmp->icmp_type == ICMP_TSTAMPREPLY)) 290 minicmpsz = 20; 291 292 /* type(1) + code(1) + cksum(2) + id(2) seq(2) + mask(4) */ 293 else if (!off && (icmp->icmp_type == ICMP_MASKREQ || 294 icmp->icmp_type == ICMP_MASKREPLY)) 295 minicmpsz = 12; 296 | 290 icmp = (icmphdr_t *)tcp; 291 292 if (!off && (icmp->icmp_type == ICMP_ECHOREPLY || 293 icmp->icmp_type == ICMP_ECHO)) 294 minicmpsz = ICMP_MINLEN; 295 296 /* type(1) + code(1) + cksum(2) + id(2) seq(2) + 297 * 3*timestamp(3*4) */ 298 else if (!off && (icmp->icmp_type == ICMP_TSTAMP || 299 icmp->icmp_type == ICMP_TSTAMPREPLY)) 300 minicmpsz = 20; 301 302 /* type(1) + code(1) + cksum(2) + id(2) seq(2) + mask(4) */ 303 else if (!off && (icmp->icmp_type == ICMP_MASKREQ || 304 icmp->icmp_type == ICMP_MASKREPLY)) 305 minicmpsz = 12; 306 |
| 297 if ((!(plen >= hlen + minicmpsz) && !off) || 298 (off && off < sizeof(struct icmp))) 299 fi->fi_fl |= FI_SHORT; 300 if (fin->fin_dlen > 1) 301 fin->fin_data[0] = *(u_short *)tcp; | |
| 302 break; 303 } 304 case IPPROTO_TCP : 305 fi->fi_fl |= FI_TCPUDP; 306#ifdef USE_INET6 307 if (v == 6) { 308 if (plen < sizeof(struct tcphdr)) 309 fi->fi_fl |= FI_SHORT; --- 428 unchanged lines hidden (view full) --- 738 frentry_t *fr = NULL, *list; 739 u_32_t pass, apass; 740#if !SOLARIS || !defined(_KERNEL) 741 register mb_t *m = *mp; 742#endif 743 744#ifdef _KERNEL 745 mb_t *mc = NULL; | 307 break; 308 } 309 case IPPROTO_TCP : 310 fi->fi_fl |= FI_TCPUDP; 311#ifdef USE_INET6 312 if (v == 6) { 313 if (plen < sizeof(struct tcphdr)) 314 fi->fi_fl |= FI_SHORT; --- 428 unchanged lines hidden (view full) --- 743 frentry_t *fr = NULL, *list; 744 u_32_t pass, apass; 745#if !SOLARIS || !defined(_KERNEL) 746 register mb_t *m = *mp; 747#endif 748 749#ifdef _KERNEL 750 mb_t *mc = NULL; |
| 751 int p, len; |
|
| 746# if !defined(__SVR4) && !defined(__svr4__) 747# ifdef __sgi 748 char hbuf[(0xf << 2) + sizeof(struct icmp) + sizeof(ip_t) + 8]; 749# endif 750 int up; 751 752# ifdef M_CANFASTFWD 753 /* --- 8 unchanged lines hidden (view full) --- 762 * disable delayed checksums. 763 */ 764 if (m->m_pkthdr.csum_flags & CSUM_DELAY_DATA) { 765 in_delayed_cksum(m); 766 m->m_pkthdr.csum_flags &= ~CSUM_DELAY_DATA; 767 } 768# endif /* CSUM_DELAY_DATA */ 769 | 752# if !defined(__SVR4) && !defined(__svr4__) 753# ifdef __sgi 754 char hbuf[(0xf << 2) + sizeof(struct icmp) + sizeof(ip_t) + 8]; 755# endif 756 int up; 757 758# ifdef M_CANFASTFWD 759 /* --- 8 unchanged lines hidden (view full) --- 768 * disable delayed checksums. 769 */ 770 if (m->m_pkthdr.csum_flags & CSUM_DELAY_DATA) { 771 in_delayed_cksum(m); 772 m->m_pkthdr.csum_flags &= ~CSUM_DELAY_DATA; 773 } 774# endif /* CSUM_DELAY_DATA */ 775 |
| 776# ifdef USE_INET6 777 if (v == 6) { 778 len = ntohs(((ip6_t*)ip)->ip6_plen); 779 p = ((ip6_t *)ip)->ip6_nxt; 780 } else 781# endif 782 { 783 p = ip->ip_p; 784 len = ip->ip_len; 785 } |
|
| 770 | 786 |
| 771 if ((ip->ip_p == IPPROTO_TCP || ip->ip_p == IPPROTO_UDP || 772 ip->ip_p == IPPROTO_ICMP)) { | 787 if ((p == IPPROTO_TCP || p == IPPROTO_UDP || p == IPPROTO_ICMP 788# ifdef USE_INET6 789 || (v == 6 && p == IPPROTO_ICMPV6) 790# endif 791 )) { |
| 773 int plen = 0; 774 | 792 int plen = 0; 793 |
| 775 if ((ip->ip_off & IP_OFFMASK) == 0) 776 switch(ip->ip_p) | 794 if ((v == 6) || (ip->ip_off & IP_OFFMASK) == 0) 795 switch(p) |
| 777 { 778 case IPPROTO_TCP: 779 plen = sizeof(tcphdr_t); 780 break; 781 case IPPROTO_UDP: 782 plen = sizeof(udphdr_t); 783 break; 784 /* 96 - enough for complete ICMP error IP header */ 785 case IPPROTO_ICMP: | 796 { 797 case IPPROTO_TCP: 798 plen = sizeof(tcphdr_t); 799 break; 800 case IPPROTO_UDP: 801 plen = sizeof(udphdr_t); 802 break; 803 /* 96 - enough for complete ICMP error IP header */ 804 case IPPROTO_ICMP: |
| 805# ifdef USE_INET6 806 case IPPROTO_ICMPV6 : 807# endif |
|
| 786 plen = ICMPERR_MAXPKTLEN - sizeof(ip_t); 787 break; 788 } | 808 plen = ICMPERR_MAXPKTLEN - sizeof(ip_t); 809 break; 810 } |
| 789 up = MIN(hlen + plen, ip->ip_len); | 811 up = MIN(hlen + plen, len); |
| 790 791 if (up > m->m_len) { 792# ifdef __sgi 793 /* Under IRIX, avoid m_pullup as it makes ping <hostname> panic */ 794 if ((up > sizeof(hbuf)) || (m_length(m) < up)) { 795 ATOMIC_INCL(frstats[out].fr_pull[1]); 796 return -1; 797 } --- 32 unchanged lines hidden (view full) --- 830 * Be careful here: ip_id is in network byte order when called 831 * from ip_output() 832 */ 833 if ((out) && (v == 4)) 834 ip->ip_id = ntohs(ip->ip_id); 835#endif 836 837 changed = 0; | 812 813 if (up > m->m_len) { 814# ifdef __sgi 815 /* Under IRIX, avoid m_pullup as it makes ping <hostname> panic */ 816 if ((up > sizeof(hbuf)) || (m_length(m) < up)) { 817 ATOMIC_INCL(frstats[out].fr_pull[1]); 818 return -1; 819 } --- 32 unchanged lines hidden (view full) --- 852 * Be careful here: ip_id is in network byte order when called 853 * from ip_output() 854 */ 855 if ((out) && (v == 4)) 856 ip->ip_id = ntohs(ip->ip_id); 857#endif 858 859 changed = 0; |
| 838 fin->fin_v = v; | |
| 839 fin->fin_ifp = ifp; | 860 fin->fin_ifp = ifp; |
| 861 fin->fin_v = v; |
|
| 840 fin->fin_out = out; 841 fin->fin_mp = mp; 842 fr_makefrip(hlen, ip, fin); 843 844#ifdef _KERNEL 845# ifdef USE_INET6 846 if (v == 6) { 847 ATOMIC_INCL(frstats[0].fr_ipv6[out]); --- 530 unchanged lines hidden (view full) --- 1378 * DAMAGES (INCLUDING, BUT NOT LIMITED TO, PROCUREMENT OF SUBSTITUTE GOODS 1379 * OR SERVICES; LOSS OF USE, DATA, OR PROFITS; OR BUSINESS INTERRUPTION) 1380 * HOWEVER CAUSED AND ON ANY THEORY OF LIABILITY, WHETHER IN CONTRACT, STRICT 1381 * LIABILITY, OR TORT (INCLUDING NEGLIGENCE OR OTHERWISE) ARISING IN ANY WAY 1382 * OUT OF THE USE OF THIS SOFTWARE, EVEN IF ADVISED OF THE POSSIBILITY OF 1383 * SUCH DAMAGE. 1384 * 1385 * @(#)uipc_mbuf.c 8.2 (Berkeley) 1/4/94 | 862 fin->fin_out = out; 863 fin->fin_mp = mp; 864 fr_makefrip(hlen, ip, fin); 865 866#ifdef _KERNEL 867# ifdef USE_INET6 868 if (v == 6) { 869 ATOMIC_INCL(frstats[0].fr_ipv6[out]); --- 530 unchanged lines hidden (view full) --- 1400 * DAMAGES (INCLUDING, BUT NOT LIMITED TO, PROCUREMENT OF SUBSTITUTE GOODS 1401 * OR SERVICES; LOSS OF USE, DATA, OR PROFITS; OR BUSINESS INTERRUPTION) 1402 * HOWEVER CAUSED AND ON ANY THEORY OF LIABILITY, WHETHER IN CONTRACT, STRICT 1403 * LIABILITY, OR TORT (INCLUDING NEGLIGENCE OR OTHERWISE) ARISING IN ANY WAY 1404 * OUT OF THE USE OF THIS SOFTWARE, EVEN IF ADVISED OF THE POSSIBILITY OF 1405 * SUCH DAMAGE. 1406 * 1407 * @(#)uipc_mbuf.c 8.2 (Berkeley) 1/4/94 |
| 1386 * $Id: fil.c,v 2.35.2.20 2000/08/13 04:15:43 darrenr Exp $ | 1408 * $Id: fil.c,v 2.35.2.26 2000/10/24 11:58:17 darrenr Exp $ |
| 1387 */ 1388/* 1389 * Copy data from an mbuf chain starting "off" bytes from the beginning, 1390 * continuing for "len" bytes, into the indicated buffer. 1391 */ 1392void 1393m_copydata(m, off, len, cp) 1394 register mb_t *m; --- 462 unchanged lines hidden (view full) --- 1857int ircopyptr(a, b, c) 1858void *a, *b; 1859size_t c; 1860{ 1861 caddr_t ca; 1862 int err; 1863 1864#if SOLARIS | 1409 */ 1410/* 1411 * Copy data from an mbuf chain starting "off" bytes from the beginning, 1412 * continuing for "len" bytes, into the indicated buffer. 1413 */ 1414void 1415m_copydata(m, off, len, cp) 1416 register mb_t *m; --- 462 unchanged lines hidden (view full) --- 1879int ircopyptr(a, b, c) 1880void *a, *b; 1881size_t c; 1882{ 1883 caddr_t ca; 1884 int err; 1885 1886#if SOLARIS |
| 1865 if (copyin(a, &ca, sizeof(ca))) | 1887 if (copyin(a, (char *)&ca, sizeof(ca))) |
| 1866 return EFAULT; 1867#else 1868 bcopy(a, &ca, sizeof(ca)); 1869#endif 1870 err = copyin(ca, b, c); 1871 if (err) 1872 err = EFAULT; 1873 return err; 1874} 1875 1876 1877int iwcopyptr(a, b, c) 1878void *a, *b; 1879size_t c; 1880{ 1881 caddr_t ca; 1882 int err; 1883 1884#if SOLARIS | 1888 return EFAULT; 1889#else 1890 bcopy(a, &ca, sizeof(ca)); 1891#endif 1892 err = copyin(ca, b, c); 1893 if (err) 1894 err = EFAULT; 1895 return err; 1896} 1897 1898 1899int iwcopyptr(a, b, c) 1900void *a, *b; 1901size_t c; 1902{ 1903 caddr_t ca; 1904 int err; 1905 1906#if SOLARIS |
| 1885 if (copyin(b, &ca, sizeof(ca))) | 1907 if (copyin(b, (char *)&ca, sizeof(ca))) |
| 1886 return EFAULT; 1887#else 1888 bcopy(b, &ca, sizeof(ca)); 1889#endif 1890 err = copyout(a, ca, c); 1891 if (err) 1892 err = EFAULT; 1893 return err; --- 77 unchanged lines hidden (view full) --- 1971 fiop->f_fin6[0] = ipfilter6[0][0]; 1972 fiop->f_fin6[1] = ipfilter6[0][1]; 1973 fiop->f_fout6[0] = ipfilter6[1][0]; 1974 fiop->f_fout6[1] = ipfilter6[1][1]; 1975 fiop->f_acctin6[0] = ipacct6[0][0]; 1976 fiop->f_acctin6[1] = ipacct6[0][1]; 1977 fiop->f_acctout6[0] = ipacct6[1][0]; 1978 fiop->f_acctout6[1] = ipacct6[1][1]; | 1908 return EFAULT; 1909#else 1910 bcopy(b, &ca, sizeof(ca)); 1911#endif 1912 err = copyout(a, ca, c); 1913 if (err) 1914 err = EFAULT; 1915 return err; --- 77 unchanged lines hidden (view full) --- 1993 fiop->f_fin6[0] = ipfilter6[0][0]; 1994 fiop->f_fin6[1] = ipfilter6[0][1]; 1995 fiop->f_fout6[0] = ipfilter6[1][0]; 1996 fiop->f_fout6[1] = ipfilter6[1][1]; 1997 fiop->f_acctin6[0] = ipacct6[0][0]; 1998 fiop->f_acctin6[1] = ipacct6[0][1]; 1999 fiop->f_acctout6[0] = ipacct6[1][0]; 2000 fiop->f_acctout6[1] = ipacct6[1][1]; |
| 2001#else 2002 fiop->f_fin6[0] = NULL; 2003 fiop->f_fin6[1] = NULL; 2004 fiop->f_fout6[0] = NULL; 2005 fiop->f_fout6[1] = NULL; 2006 fiop->f_acctin6[0] = NULL; 2007 fiop->f_acctin6[1] = NULL; 2008 fiop->f_acctout6[0] = NULL; 2009 fiop->f_acctout6[1] = NULL; |
|
| 1979#endif 1980 fiop->f_active = fr_active; 1981 fiop->f_froute[0] = ipl_frouteok[0]; 1982 fiop->f_froute[1] = ipl_frouteok[1]; 1983 1984 fiop->f_running = fr_running; 1985 fiop->f_groups[0][0] = ipfgroups[0][0]; 1986 fiop->f_groups[0][1] = ipfgroups[0][1]; --- 55 unchanged lines hidden --- | 2010#endif 2011 fiop->f_active = fr_active; 2012 fiop->f_froute[0] = ipl_frouteok[0]; 2013 fiop->f_froute[1] = ipl_frouteok[1]; 2014 2015 fiop->f_running = fr_running; 2016 fiop->f_groups[0][0] = ipfgroups[0][0]; 2017 fiop->f_groups[0][1] = ipfgroups[0][1]; --- 55 unchanged lines hidden --- |