Reverse the default sense of the IPFW/DIVERT reinjection code
so that the new behaviour is now default. Solves the "infinite loop in diversion" problem when more than one diversion is active. Man page changes follow. The new code is in -stable as the NON default option.
parent
5994d8937d
commit
e256a933a8
sys
@ -2,7 +2,7 @@
|
||||
# LINT -- config file for checking all the sources, tries to pull in
|
||||
# as much of the source tree as it can.
|
||||
#
|
||||
# $Id: LINT,v 1.434 1998/05/21 03:22:20 wpaul Exp $
|
||||
# $Id: LINT,v 1.435 1998/05/30 18:28:12 phk Exp $
|
||||
#
|
||||
# NB: You probably don't want to try running a kernel built from this
|
||||
# file. Instead, you should start from GENERIC, and add options from
|
||||
@ -433,6 +433,7 @@ options IPFILTER #kernel ipfilter support
|
||||
options IPFILTER_LOG #ipfilter logging
|
||||
#options IPFILTER_LKM #kernel support for ip_fil.o LKM
|
||||
options TCPDEBUG
|
||||
#options IPFW_DIVERT_OLDRESTART # old (broken) divert/restart semantics
|
||||
|
||||
|
||||
#####################################################################
|
||||
|
@ -1,4 +1,4 @@
|
||||
# $Id: options,v 1.74 1998/05/24 01:29:52 jkh Exp $
|
||||
# $Id: options,v 1.75 1998/05/25 10:37:40 julian Exp $
|
||||
#
|
||||
# On the handling of kernel options
|
||||
#
|
||||
@ -174,7 +174,7 @@ IPFIREWALL_VERBOSE opt_ipfw.h
|
||||
IPFIREWALL_VERBOSE_LIMIT opt_ipfw.h
|
||||
IPFIREWALL_DEFAULT_TO_ACCEPT opt_ipfw.h
|
||||
#temp option to change ipfw/divert semantics. Should become standard.
|
||||
IPFW_DIVERT_RESTART opt_ipfw.h
|
||||
IPFW_DIVERT_OLDRESTART opt_ipfw.h
|
||||
IPX opt_ipx.h
|
||||
IPXIP opt_ipx.h
|
||||
IPTUNNEL opt_ipx.h
|
||||
|
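Review bot: The unchanged comment `#temp option to change ipfw/divert semantics. Should become standard.` now sits directly above `IPFW_DIVERT_OLDRESTART`, which selects the old behaviour, so it says the opposite of what the option does. Suggested wording: `# selects the old (broken) ipfw/divert reinjection semantics; to be removed`. The rename also removes `IPFW_DIVERT_RESTART` from this file, so kernel configs that still set it will presumably be rejected or silently get the new default; a line in the commit message or upgrade notes would help.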
@ -2,7 +2,7 @@
|
||||
# LINT -- config file for checking all the sources, tries to pull in
|
||||
# as much of the source tree as it can.
|
||||
#
|
||||
# $Id: LINT,v 1.434 1998/05/21 03:22:20 wpaul Exp $
|
||||
# $Id: LINT,v 1.435 1998/05/30 18:28:12 phk Exp $
|
||||
#
|
||||
# NB: You probably don't want to try running a kernel built from this
|
||||
# file. Instead, you should start from GENERIC, and add options from
|
||||
@ -433,6 +433,7 @@ options IPFILTER #kernel ipfilter support
|
||||
options IPFILTER_LOG #ipfilter logging
|
||||
#options IPFILTER_LKM #kernel support for ip_fil.o LKM
|
||||
options TCPDEBUG
|
||||
#options IPFW_DIVERT_OLDRESTART # old (broken) divert/restart semantics
|
||||
|
||||
|
||||
#####################################################################
|
||||
|
@ -2,7 +2,7 @@
|
||||
# LINT -- config file for checking all the sources, tries to pull in
|
||||
# as much of the source tree as it can.
|
||||
#
|
||||
# $Id: LINT,v 1.434 1998/05/21 03:22:20 wpaul Exp $
|
||||
# $Id: LINT,v 1.435 1998/05/30 18:28:12 phk Exp $
|
||||
#
|
||||
# NB: You probably don't want to try running a kernel built from this
|
||||
# file. Instead, you should start from GENERIC, and add options from
|
||||
@ -433,6 +433,7 @@ options IPFILTER #kernel ipfilter support
|
||||
options IPFILTER_LOG #ipfilter logging
|
||||
#options IPFILTER_LKM #kernel support for ip_fil.o LKM
|
||||
options TCPDEBUG
|
||||
#options IPFW_DIVERT_OLDRESTART # old (broken) divert/restart semantics
|
||||
|
||||
|
||||
#####################################################################
|
||||
|
@ -30,7 +30,7 @@
|
||||
* OUT OF THE USE OF THIS SOFTWARE, EVEN IF ADVISED OF THE POSSIBILITY OF
|
||||
* SUCH DAMAGE.
|
||||
*
|
||||
* $Id: ip_divert.c,v 1.25 1998/05/25 08:44:31 julian Exp $
|
||||
* $Id: ip_divert.c,v 1.26 1998/05/25 10:37:43 julian Exp $
|
||||
*/
|
||||
|
||||
#include "opt_inet.h"
|
||||
@ -82,7 +82,7 @@
|
||||
u_short ip_divert_port;
|
||||
|
||||
/*
|
||||
* #ifndef IPFW_DIVERT_RESTART
|
||||
* #ifdef IPFW_DIVERT_OLDRESTART
|
||||
* We set this value to a non-zero port number when we want the call to
|
||||
* ip_fw_chk() in ip_input() or ip_output() to ignore ``divert <port>''
|
||||
* chain entries. This is stored in host order.
|
||||
@ -98,13 +98,13 @@ u_short ip_divert_port;
|
||||
* 0 will restart processing at the beginning.
|
||||
* #endif
|
||||
*/
|
||||
#ifndef IPFW_DIVERT_RESTART
|
||||
#ifdef IPFW_DIVERT_OLDRESTART
|
||||
u_short ip_divert_ignore;
|
||||
#else
|
||||
|
||||
u_short ip_divert_in_cookie;
|
||||
u_short ip_divert_out_cookie;
|
||||
#endif /* IPFW_DIVERT_RESTART */
|
||||
#endif /* IPFW_DIVERT_OLDRESTART */
|
||||
|
||||
/* Internal variables */
|
||||
|
||||
@ -168,12 +168,12 @@ div_input(struct mbuf *m, int hlen)
|
||||
ip = mtod(m, struct ip *);
|
||||
|
||||
/* Record divert port */
|
||||
#ifndef IPFW_DIVERT_RESTART
|
||||
#ifdef IPFW_DIVERT_OLDRESTART
|
||||
divsrc.sin_port = htons(ip_divert_port);
|
||||
#else
|
||||
divsrc.sin_port = ip_divert_in_cookie;
|
||||
ip_divert_in_cookie = 0;
|
||||
#endif /* IPFW_DIVERT_RESTART */
|
||||
#endif /* IPFW_DIVERT_OLDRESTART */
|
||||
|
||||
/* Restore packet header fields */
|
||||
ip->ip_len += hlen;
|
||||
@ -274,7 +274,7 @@ div_output(so, m, addr, control)
|
||||
m_freem(control); /* XXX */
|
||||
|
||||
/* Loopback avoidance */
|
||||
#ifndef IPFW_DIVERT_RESTART
|
||||
#ifdef IPFW_DIVERT_OLDRESTART
|
||||
if (sin) {
|
||||
ip_divert_ignore = ntohs(sin->sin_port);
|
||||
} else {
|
||||
@ -286,7 +286,7 @@ div_output(so, m, addr, control)
|
||||
} else {
|
||||
ip_divert_out_cookie = 0;
|
||||
}
|
||||
#endif /* IPFW_DIVERT_RESTART */
|
||||
#endif /* IPFW_DIVERT_OLDRESTART */
|
||||
|
||||
/* Reinject packet into the system as incoming or outgoing */
|
||||
if (!sin || sin->sin_addr.s_addr == 0) {
|
||||
@ -344,19 +344,19 @@ div_output(so, m, addr, control)
|
||||
}
|
||||
|
||||
/* Reset for next time (and other packets) */
|
||||
#ifndef IPFW_DIVERT_RESTART
|
||||
#ifdef IPFW_DIVERT_OLDRESTART
|
||||
ip_divert_ignore = 0;
|
||||
#else
|
||||
ip_divert_out_cookie = 0;
|
||||
#endif /* IPFW_DIVERT_RESTART */
|
||||
#endif /* IPFW_DIVERT_OLDRESTART */
|
||||
return error;
|
||||
|
||||
cantsend:
|
||||
#ifndef IPFW_DIVERT_RESTART
|
||||
#ifdef IPFW_DIVERT_OLDRESTART
|
||||
ip_divert_ignore = 0;
|
||||
#else
|
||||
ip_divert_out_cookie = 0;
|
||||
#endif /* IPFW_DIVERT_RESTART */
|
||||
#endif /* IPFW_DIVERT_OLDRESTART */
|
||||
m_freem(m);
|
||||
return error;
|
||||
}
|
||||
|
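Review bot: In div_input the two branches put differently ordered values into the same field: the old branch stores `htons(ip_divert_port)`, while the new default stores `ip_divert_in_cookie` into `divsrc.sin_port` with no conversion, and the header comment visible here states the byte order only for `ip_divert_ignore`. Since this branch is now what every divert daemon sees, I would add `/* sin_port carries the matching ipfw rule number in host order, not a port */` above the assignment. The value a daemon hands back in sin_port on reinjection appears to become `ip_divert_out_cookie` (that assignment is outside the visible hunks of div_output) and so selects where rule checking resumes; the promised man page text should say that the daemon controls this. div_input and div_output both start and end outside these hunks.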
@ -12,7 +12,7 @@
|
||||
*
|
||||
* This software is provided ``AS IS'' without any warranties of any kind.
|
||||
*
|
||||
* $Id: ip_fw.c,v 1.83 1998/05/19 14:04:29 dg Exp $
|
||||
* $Id: ip_fw.c,v 1.84 1998/05/25 10:37:44 julian Exp $
|
||||
*/
|
||||
|
||||
/*
|
||||
@ -103,13 +103,13 @@ static ip_fw_chk_t *old_chk_ptr;
|
||||
static ip_fw_ctl_t *old_ctl_ptr;
|
||||
#endif
|
||||
|
||||
#ifndef IPFW_DIVERT_RESTART
|
||||
#ifdef IPFW_DIVERT_OLDRESTART
|
||||
static int ip_fw_chk __P((struct ip **pip, int hlen,
|
||||
struct ifnet *oif, int ignport, struct mbuf **m));
|
||||
#else
|
||||
static int ip_fw_chk __P((struct ip **pip, int hlen,
|
||||
struct ifnet *oif, int pastrule, struct mbuf **m));
|
||||
#endif /* IPFW_DIVERT_RESTART */
|
||||
#endif /* IPFW_DIVERT_OLDRESTART */
|
||||
static int ip_fw_ctl __P((int stage, struct mbuf **mm));
|
||||
|
||||
static char err_prefix[] = "ip_fw_ctl:";
|
||||
@ -386,7 +386,7 @@ ipfw_report(struct ip_fw *f, struct ip *ip,
|
||||
* ip Pointer to packet header (struct ip *)
|
||||
* hlen Packet header length
|
||||
* oif Outgoing interface, or NULL if packet is incoming
|
||||
* #ifndef IPFW_DIVERT_RESTART
|
||||
* #ifdef IPFW_DIVERT_OLDRESTART
|
||||
* ignport Ignore all divert/tee rules to this port (if non-zero)
|
||||
* #else
|
||||
* pastrule Skip up to the first rule past this rule number;
|
||||
@ -402,13 +402,13 @@ ipfw_report(struct ip_fw *f, struct ip *ip,
|
||||
*/
|
||||
|
||||
static int
|
||||
#ifndef IPFW_DIVERT_RESTART
|
||||
#ifdef IPFW_DIVERT_OLDRESTART
|
||||
ip_fw_chk(struct ip **pip, int hlen,
|
||||
struct ifnet *oif, int ignport, struct mbuf **m)
|
||||
#else
|
||||
ip_fw_chk(struct ip **pip, int hlen,
|
||||
struct ifnet *oif, int pastrule, struct mbuf **m)
|
||||
#endif /* IPFW_DIVERT_RESTART */
|
||||
#endif /* IPFW_DIVERT_OLDRESTART */
|
||||
{
|
||||
struct ip_fw_chain *chain;
|
||||
struct ip_fw *rule = NULL;
|
||||
@ -419,11 +419,11 @@ ip_fw_chk(struct ip **pip, int hlen,
|
||||
|
||||
/*
|
||||
* Go down the chain, looking for enlightment
|
||||
* #ifdef IPFW_DIVERT_RESTART
|
||||
* #ifndef IPFW_DIVERT_OLDRESTART
|
||||
* If we've been asked to start at a given rule immediatly, do so.
|
||||
* #endif
|
||||
*/
|
||||
#ifndef IPFW_DIVERT_RESTART
|
||||
#ifdef IPFW_DIVERT_OLDRESTART
|
||||
for (chain=LIST_FIRST(&ip_fw_chain); chain; chain = LIST_NEXT(chain, chain)) {
|
||||
#else
|
||||
chain=LIST_FIRST(&ip_fw_chain);
|
||||
@ -436,7 +436,7 @@ ip_fw_chk(struct ip **pip, int hlen,
|
||||
if (! chain) goto dropit;
|
||||
}
|
||||
for (; chain; chain = LIST_NEXT(chain, chain)) {
|
||||
#endif /* IPFW_DIVERT_RESTART */
|
||||
#endif /* IPFW_DIVERT_OLDRESTART */
|
||||
register struct ip_fw *const f = chain->rule;
|
||||
|
||||
if (oif) {
|
||||
@ -586,7 +586,7 @@ bogusfrag:
|
||||
}
|
||||
|
||||
got_match:
|
||||
#ifndef IPFW_DIVERT_RESTART
|
||||
#ifdef IPFW_DIVERT_OLDRESTART
|
||||
/* Ignore divert/tee rule if socket port is "ignport" */
|
||||
switch (f->fw_flg & IP_FW_F_COMMAND) {
|
||||
case IP_FW_F_DIVERT:
|
||||
@ -596,7 +596,7 @@ got_match:
|
||||
break;
|
||||
}
|
||||
|
||||
#endif /* IPFW_DIVERT_RESTART */
|
||||
#endif /* IPFW_DIVERT_OLDRESTART */
|
||||
/* Update statistics */
|
||||
f->fw_pcnt += 1;
|
||||
f->fw_bcnt += ip->ip_len;
|
||||
@ -613,9 +613,9 @@ got_match:
|
||||
case IP_FW_F_COUNT:
|
||||
continue;
|
||||
case IP_FW_F_DIVERT:
|
||||
#ifdef IPFW_DIVERT_RESTART
|
||||
#ifndef IPFW_DIVERT_OLDRESTART
|
||||
ip_divert_in_cookie = f->fw_number;
|
||||
#endif /* IPFW_DIVERT_RESTART */
|
||||
#endif /* IPFW_DIVERT_OLDRESTART */
|
||||
return(f->fw_divert_port);
|
||||
case IP_FW_F_TEE:
|
||||
/*
|
||||
|
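Review bot: The parameter block documents `pastrule` only as "Skip up to the first rule past this rule number", and the new default path reaches `if (! chain) goto dropit;`, apparently when the skip finds no later rule; neither the origin of the value nor that fail-closed outcome is stated. I would add `/* no rule past the cookie: drop rather than fall through */` on that line and a sentence in the header comment saying the number is the cookie supplied on reinjection. On style, the two `ip_fw_chk` prototypes differ only in a parameter name, so a single prototype outside the conditional would do; only the definition needs both spellings. The skip loop itself lies between the hunks and is not visible.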
@ -31,7 +31,7 @@
|
||||
* SUCH DAMAGE.
|
||||
*
|
||||
* @(#)ip_input.c 8.2 (Berkeley) 1/4/94
|
||||
* $Id: ip_input.c,v 1.84 1998/05/24 14:59:57 dg Exp $
|
||||
* $Id: ip_input.c,v 1.85 1998/05/25 10:37:45 julian Exp $
|
||||
* $ANA: ip_input.c,v 1.5 1996/09/18 14:34:59 wollman Exp $
|
||||
*/
|
||||
|
||||
@ -362,7 +362,7 @@ tooshort:
|
||||
#ifdef IPDIVERT
|
||||
u_short port;
|
||||
|
||||
#ifndef IPFW_DIVERT_RESTART
|
||||
#ifdef IPFW_DIVERT_OLDRESTART
|
||||
port = (*ip_fw_chk_ptr)(&ip, hlen, NULL, ip_divert_ignore, &m);
|
||||
ip_divert_ignore = 0;
|
||||
#else
|
||||
@ -370,7 +370,7 @@ tooshort:
|
||||
port = (*ip_fw_chk_ptr)(&ip, hlen, NULL,
|
||||
ip_divert_out_cookie, &m);
|
||||
ip_divert_out_cookie = 0;
|
||||
#endif /* IPFW_DIVERT_RESTART */
|
||||
#endif /* IPFW_DIVERT_OLDRESTART */
|
||||
if (port) { /* Divert packet */
|
||||
frag_divert_port = port;
|
||||
goto ours;
|
||||
@ -682,9 +682,9 @@ ip_reass(ip, fp, where)
|
||||
fp->ipq_dst = ((struct ip *)ip)->ip_dst;
|
||||
#ifdef IPDIVERT
|
||||
fp->ipq_divert = 0;
|
||||
#ifdef IPFW_DIVERT_RESTART
|
||||
#ifndef IPFW_DIVERT_OLDRESTART
|
||||
fp->ipq_div_cookie = 0;
|
||||
#endif /* IPFW_DIVERT_RESTART */
|
||||
#endif /* IPFW_DIVERT_OLDRESTART */
|
||||
#endif
|
||||
q = (struct ipasfrag *)fp;
|
||||
goto insert;
|
||||
@ -741,9 +741,9 @@ insert:
|
||||
*/
|
||||
if (frag_divert_port != 0) {
|
||||
fp->ipq_divert = frag_divert_port;
|
||||
#ifdef IPFW_DIVERT_RESTART
|
||||
#ifndef IPFW_DIVERT_OLDRESTART
|
||||
fp->ipq_div_cookie = ip_divert_in_cookie;
|
||||
#endif /* IPFW_DIVERT_RESTART */
|
||||
#endif /* IPFW_DIVERT_OLDRESTART */
|
||||
}
|
||||
frag_divert_port = 0;
|
||||
#endif
|
||||
@ -792,9 +792,9 @@ insert:
|
||||
* Record divert port for packet, if any
|
||||
*/
|
||||
frag_divert_port = fp->ipq_divert;
|
||||
#ifdef IPFW_DIVERT_RESTART
|
||||
#ifndef IPFW_DIVERT_OLDRESTART
|
||||
ip_divert_in_cookie = fp->ipq_div_cookie;
|
||||
#endif /* IPFW_DIVERT_RESTART */
|
||||
#endif /* IPFW_DIVERT_OLDRESTART */
|
||||
#endif
|
||||
|
||||
/*
|
||||
|
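Review bot: In the `insert:` hunk, `frag_divert_port` is reset to 0 after being saved in the queue entry, but `ip_divert_in_cookie` is left holding the rule number, so between fragments the global keeps a value that belongs to a packet still being reassembled. Nothing visible reads it in that state, because the completed-reassembly hunk reloads it from `fp->ipq_div_cookie`, but clearing it alongside the port (`ip_divert_in_cookie = 0;` after `frag_divert_port = 0;`, under `#ifndef IPFW_DIVERT_OLDRESTART`) would keep the two in step. The same pass-by-global pattern is used with `ip_divert_out_cookie` here and in the ip_output.c section, and both depend on the value being cleared right after the `ip_fw_chk` call. The enclosing functions extend beyond the hunks shown.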
@ -31,7 +31,7 @@
|
||||
* SUCH DAMAGE.
|
||||
*
|
||||
* @(#)ip_output.c 8.3 (Berkeley) 1/21/94
|
||||
* $Id: ip_output.c,v 1.66 1998/03/21 11:34:20 peter Exp $
|
||||
* $Id: ip_output.c,v 1.67 1998/05/25 10:37:47 julian Exp $
|
||||
*/
|
||||
|
||||
#define _IP_VHL
|
||||
@ -371,7 +371,7 @@ sendit:
|
||||
*/
|
||||
if (ip_fw_chk_ptr) {
|
||||
#ifdef IPDIVERT
|
||||
#ifndef IPFW_DIVERT_RESTART
|
||||
#ifdef IPFW_DIVERT_OLDRESTART
|
||||
ip_divert_port = (*ip_fw_chk_ptr)(&ip,
|
||||
hlen, ifp, ip_divert_ignore, &m);
|
||||
ip_divert_ignore = 0;
|
||||
@ -380,7 +380,7 @@ sendit:
|
||||
ip_divert_port = (*ip_fw_chk_ptr)(&ip,
|
||||
hlen, ifp, ip_divert_out_cookie, &m);
|
||||
ip_divert_out_cookie = 0;
|
||||
#endif /* IPFW_DIVERT_RESTART */
|
||||
#endif /* IPFW_DIVERT_OLDRESTART */
|
||||
if (ip_divert_port) { /* Divert packet */
|
||||
(*inetsw[ip_protox[IPPROTO_DIVERT]].pr_input)(m, 0);
|
||||
goto done;
|
||||
|
@ -31,7 +31,7 @@
|
||||
* SUCH DAMAGE.
|
||||
*
|
||||
* @(#)ip_var.h 8.2 (Berkeley) 1/9/95
|
||||
* $Id: ip_var.h,v 1.37 1998/05/19 15:53:50 pb Exp $
|
||||
* $Id: ip_var.h,v 1.38 1998/05/25 10:37:48 julian Exp $
|
||||
*/
|
||||
|
||||
#ifndef _NETINET_IP_VAR_H_
|
||||
@ -65,9 +65,9 @@ struct ipq {
|
||||
struct in_addr ipq_src,ipq_dst;
|
||||
#ifdef IPDIVERT
|
||||
u_short ipq_divert; /* divert protocol port */
|
||||
#ifdef IPFW_DIVERT_RESTART
|
||||
#ifndef IPFW_DIVERT_OLDRESTART
|
||||
u_short ipq_div_cookie; /* divert protocol cookie */
|
||||
#endif /* IPFW_DIVERT_RESTART */
|
||||
#endif /* IPFW_DIVERT_OLDRESTART */
|
||||
#endif
|
||||
};
|
||||
|
||||
@ -210,13 +210,13 @@ void div_init __P((void));
|
||||
void div_input __P((struct mbuf *, int));
|
||||
extern struct pr_usrreqs div_usrreqs;
|
||||
extern u_short ip_divert_port;
|
||||
#ifndef IPFW_DIVERT_RESTART
|
||||
#ifdef IPFW_DIVERT_OLDRESTART
|
||||
extern u_short ip_divert_ignore;
|
||||
#else
|
||||
extern u_short ip_divert_in_cookie;
|
||||
extern u_short ip_divert_out_cookie;
|
||||
|
||||
#endif /* IPFW_DIVERT_RESTART */
|
||||
#endif /* IPFW_DIVERT_OLDRESTART */
|
||||
#endif /* IPDIVERT */
|
||||
|
||||
#endif /* KERNEL */
|
||||
|
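Review bot: With this change the members of `struct ipq` and the set of `extern` cookie variables depend on `IPFW_DIVERT_OLDRESTART`, which the options file places in opt_ipfw.h, and the default now includes `ipq_div_cookie`. Any file that includes ip_var.h without opt_ipfw.h will see the new declarations even in a kernel configured with the old option, and the two views can disagree about the struct's members. The include lists are not visible here (the ip_divert.c hunk shows only `opt_inet.h`), so this needs checking. A comment above the conditional such as `/* depends on opt_ipfw.h; include it before this header */` would record the requirement.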