Merge from RELENG_2_2, per luigi. Fixes the ntoh?() issue for the

firewall code when called from the bridge code. PR: 10818 Submitted by: nsayer Obtained from: luigi
1999-03-30 23:45:34 +00:00 · 1999-03-30 23:45:34 +00:00 · a44e3914d5
commit a44e3914d5
parent cd965a7436
1 changed files with 22 additions and 18 deletions
--- a/sys/netinet/ip_fw.c
+++ b/sys/netinet/ip_fw.c
@ -12,7 +12,7 @@
 *
 * This software is provided ``AS IS'' without any warranties of any kind.
 *
- *	$Id: ip_fw.c,v 1.103 1998/12/31 07:43:29 luigi Exp $
+ *	$Id: ip_fw.c,v 1.104 1999/02/16 10:49:52 dfr Exp $
 */

 /*
@ -483,7 +483,7 @@ ip_fw_chk(struct ip **pip, int hlen,
 		    printf("-- m_len %d, need more...\n", (*m)->m_len);
 		    goto non_ip ;
 		}
-		offset = (ntohs(ip->ip_off) & IP_OFFMASK);
+		offset = (ip->ip_off & IP_OFFMASK);
 		break ;
 	    default :
 non_ip:         ip = NULL ;
@ -553,13 +553,13 @@ again:
 		     *   2 src ports (interval) is match ether type
 		     *   3 src ports is match ether address
 		     */
-		    if ( f->fw_src.s_addr != 0 || f->fw_prot != IPPROTO_UDP)
+		    if ( f->fw_src.s_addr != 0 || f->fw_prot != IPPROTO_UDP
+			|| f->fw_smsk.s_addr != 0xffffffff )
 			continue;
 		    switch (IP_FW_GETNSRCP(f)) {
 		    case 1: /* match one type */
 			if (  /* ( (f->fw_flg & IP_FW_F_INVSRC) != 0) ^ */
 				( f->fw_uar.fw_pts[0] == ntohs(eh->ether_type) )  ) {
-			    printf("match!\n");
 			    goto got_match ;
 			}
 			break ;
@ -616,19 +616,23 @@ again:
 		if (ip->ip_p != f->fw_prot) 
 			continue;

-#define PULLUP_TO(len)							\
-	do {								\
-	    if ((*m)->m_len < (len) ) {					\
-		if ( (*m = m_pullup(*m, (len))) == 0)			\
-		    goto bogusfrag;					\
-		ip = mtod(*m, struct ip *);				\
-		if (pip) {						\
-		    *pip = ip ;						\
-		    offset = (ip->ip_off & IP_OFFMASK);			\
-		} else							\
-		    offset = (ntohs(ip->ip_off) & IP_OFFMASK);		\
-	    }								\
-	} while (0)
+/*
+ * here, pip==NULL for bridged pkts -- they include the ethernet
+ * header so i have to adjust lengths accordingly
+ */
+#define PULLUP_TO(l)	do {                                            \
+			    int len = (pip ? l : l + 14 ) ;             \
+			    if ((*m)->m_len < (len) ) {                 \
+				if ( (*m = m_pullup(*m, (len))) == 0)   \
+				    goto bogusfrag;                     \
+				ip = mtod(*m, struct ip *);             \
+				if (pip)                                \
+				    *pip = ip ;                         \
+				else                                    \
+				    ip = (struct ip *)((int)ip + 14);   \
+				offset = (ip->ip_off & IP_OFFMASK);     \
+			    }                                           \
+			} while (0)

 		/* Protocol specific checks */
 		switch (ip->ip_p) {
@ -715,7 +719,7 @@ got_match:
 		/* Update statistics */
 		f->fw_pcnt += 1;
 		if (ip) {
-		    f->fw_bcnt += pip ? ip->ip_len : ntohs(ip->ip_len);
+		    f->fw_bcnt += ip->ip_len;
 		}
 		f->timestamp = time_second;