From 60f9125458da2cb79198fde63d154d9bbe637a22 Mon Sep 17 00:00:00 2001 From: Ruslan Ermilov Date: Tue, 3 Oct 2000 12:18:11 +0000 Subject: [PATCH] Added the missing ntohs() conversion when matching IP packet with the IP_FW_IF_IPID rule. (We have recently decided to keep the ip_id field in network byte order inside the kernel, see revision 1.140 of src/sys/netinet/ip_input.c). I did not like to have the conversion happen in userland, and I think that the similar conversions for fw_tcp(seq|ack|win) should be moved out of userland (src/sbin/ipfw/ipfw.c) into the kernel. --- sys/netinet/ip_fw.c | 2 +- 1 file changed, 1 insertion(+), 1 deletion(-) diff --git a/sys/netinet/ip_fw.c b/sys/netinet/ip_fw.c index a1e9eb9459fc..57bc84511166 100644 --- a/sys/netinet/ip_fw.c +++ b/sys/netinet/ip_fw.c @@ -1141,7 +1141,7 @@ again: continue; if (f->fw_ipflg & IP_FW_IF_IPLEN && f->fw_iplen != ip->ip_len) continue; - if (f->fw_ipflg & IP_FW_IF_IPID && f->fw_ipid != ip->ip_id) + if (f->fw_ipflg & IP_FW_IF_IPID && f->fw_ipid != ntohs(ip->ip_id)) continue; if (f->fw_ipflg & IP_FW_IF_IPTOS && !iptos_match(ip, f)) continue;