Cross Reference: /freebsd-11.0-release/sys/netpfil/pf/pf.c

Deleted Added

sdiff udiff text old ( 178888 ) new ( 181295 )

full compact

pf.c (178888)	pf.c (181295)
1/* $OpenBSD: pf.c,v 1.527 2007/02/22 15:23:23 pyr Exp $ */	1/* $OpenBSD: pf.c,v 1.527 2007/02/22 15:23:23 pyr Exp $ */
	2/* add: $OpenBSD: pf.c,v 1.559 2007/09/18 18:45:59 markus Exp $ */
2 3/* 4 * Copyright (c) 2001 Daniel Hartmeier 5 * Copyright (c) 2002,2003 Henning Brauer 6 * All rights reserved. 7 * 8 * Redistribution and use in source and binary forms, with or without 9 * modification, are permitted provided that the following conditions --- 25 unchanged lines hidden (view full) --- 35 * 36 */ 37 38#ifdef __FreeBSD__ 39#include "opt_inet.h" 40#include "opt_inet6.h" 41 42#include <sys/cdefs.h>	3 4/* 5 * Copyright (c) 2001 Daniel Hartmeier 6 * Copyright (c) 2002,2003 Henning Brauer 7 * All rights reserved. 8 * 9 * Redistribution and use in source and binary forms, with or without 10 * modification, are permitted provided that the following conditions --- 25 unchanged lines hidden (view full) --- 36 * 37 */ 38 39#ifdef __FreeBSD__ 40#include "opt_inet.h" 41#include "opt_inet6.h" 42 43#include <sys/cdefs.h>
43__FBSDID("$FreeBSD: head/sys/contrib/pf/net/pf.c 178888 2008-05-09 23:03:00Z julian $");	44__FBSDID("$FreeBSD: head/sys/contrib/pf/net/pf.c 181295 2008-08-04 14:42:09Z mlaier $");
44#endif 45 46#ifdef __FreeBSD__ 47#include "opt_mac.h" 48#include "opt_bpf.h" 49#include "opt_pf.h" 50 51#ifdef DEV_BPF --- 4722 unchanged lines hidden (view full) --- 4774 (state)->src.wscale = (state)->dst.wscale = 0; 4775 (state)->src.state = (state)->dst.state = 4776 TCPS_ESTABLISHED; 4777 REASON_SET(reason, PFRES_SYNPROXY); 4778 return (PF_SYNPROXY_DROP); 4779 } 4780 } 4781	45#endif 46 47#ifdef __FreeBSD__ 48#include "opt_mac.h" 49#include "opt_bpf.h" 50#include "opt_pf.h" 51 52#ifdef DEV_BPF --- 4722 unchanged lines hidden (view full) --- 4775 (state)->src.wscale = (state)->dst.wscale = 0; 4776 (state)->src.state = (state)->dst.state = 4777 TCPS_ESTABLISHED; 4778 REASON_SET(reason, PFRES_SYNPROXY); 4779 return (PF_SYNPROXY_DROP); 4780 } 4781 } 4782
	4783 if (((th->th_flags & (TH_SYN\|TH_ACK)) == TH_SYN) && 4784 dst->state >= TCPS_FIN_WAIT_2 && 4785 src->state >= TCPS_FIN_WAIT_2) { 4786 if (pf_status.debug >= PF_DEBUG_MISC) { 4787 printf("pf: state reuse "); 4788 pf_print_state(state); 4789* pf_print_flags(th->th_flags); 4790 printf("\n"); 4791 } 4792 /* XXX make sure it's the same direction ?? / 4793* (state)->src.state = (state)->dst.state = TCPS_CLOSED; 4794 pf_unlink_state(state); 4795* state = NULL; 4796* return (PF_DROP); 4797 } 4798
4782 if (src->wscale && dst->wscale && !(th->th_flags & TH_SYN)) { 4783 sws = src->wscale & PF_WSCALE_MASK; 4784 dws = dst->wscale & PF_WSCALE_MASK; 4785 } else 4786 sws = dws = 0; 4787 4788 /* 4789 * Sequence tracking algorithm from Guido van Rooij's paper: --- 2806 unchanged lines hidden ---	4799 if (src->wscale && dst->wscale && !(th->th_flags & TH_SYN)) { 4800 sws = src->wscale & PF_WSCALE_MASK; 4801 dws = dst->wscale & PF_WSCALE_MASK; 4802 } else 4803 sws = dws = 0; 4804 4805 /* 4806 * Sequence tracking algorithm from Guido van Rooij's paper: --- 2806 unchanged lines hidden ---