Merge updates from 3.4.26 - 3.4.27.

This commit is contained in:
Darren Reed 2002-04-27 16:56:25 +00:00
parent cd5a4c63c7
commit 7df187a3ad
8 changed files with 115 additions and 65 deletions

View File

@ -1470,7 +1470,13 @@ tcphdr_t *tcp;
# endif /* defined(BSD) || defined(sun) */
# endif /* SOLARIS */
#else /* KERNEL */
sum2 = 0;
for (; slen > 1; slen -= 2)
sum += *sp++;
if (slen)
sum += ntohs(*(u_char *)sp << 8);
while (sum > 0xffff)
sum = (sum & 0xffff) + (sum >> 16);
sum2 = (u_short)(~sum & 0xffff);
#endif /* KERNEL */
tcp->th_sum = ts;
return sum2;
@ -1511,7 +1517,7 @@ tcphdr_t *tcp;
* SUCH DAMAGE.
*
* @(#)uipc_mbuf.c 8.2 (Berkeley) 1/4/94
* $Id: fil.c,v 2.35.2.59 2002/03/25 11:07:37 darrenr Exp $
* $Id: fil.c,v 2.35.2.60 2002/04/26 10:20:34 darrenr Exp $
*/
/*
* Copy data from an mbuf chain starting "off" bytes from the beginning,
@ -2176,3 +2182,15 @@ int icmptoicmp6unreach[ICMP_MAX_UNREACH] = {
ICMP6_DST_UNREACH_ADMIN, /* 13: ICMP_UNREACH_ADMIN_PROHIBIT */
};
#endif
#ifndef _KERNEL
int mbuflen(buf)
mb_t *buf;
{
ip_t *ip;
ip = (ip_t *)buf;
return ip->ip_len;
}
#endif

View File

@ -253,7 +253,7 @@ typedef u_int32_t u_32_t;
# define USE_INET6
# endif
# endif
# if !defined(_KERNEL) && !defined(IPFILTER_LKM)
# if !defined(_KERNEL) && !defined(IPFILTER_LKM) && !defined(USE_INET6)
# if (defined(__FreeBSD_version) && (__FreeBSD_version >= 400000)) || \
(defined(OpenBSD) && (OpenBSD >= 200111)) || \
(defined(__NetBSD_Version__) && (__NetBSD_Version__ >= 105000000))
@ -573,7 +573,8 @@ extern void m_copyback __P((struct mbuf *, int, int, caddr_t));
# endif
# if (BSD >= 199306) || defined(__FreeBSD__)
# if (defined(__NetBSD_Version__) && (__NetBSD_Version__ < 105180000)) || \
defined(__FreeBSD__) || defined(__OpenBSD__) || defined(_BSDI_VERSION)
defined(__FreeBSD__) || (defined(OpenBSD) && (OpenBSD < 200206)) || \
defined(_BSDI_VERSION)
# include <vm/vm.h>
# endif
# if !defined(__FreeBSD__) || (defined (__FreeBSD_version) && \

View File

@ -184,6 +184,10 @@ int dlen;
if ((inc + ip->ip_len) > 65535)
return 0;
#if !defined(_KERNEL)
m = *((mb_t **)fin->fin_mp);
bcopy(newbuf, (char *)m + off, nlen);
#else
# if SOLARIS
m = fin->fin_qfm;
for (m1 = m; m1->b_cont; m1 = m1->b_cont)
@ -220,9 +224,10 @@ int dlen;
if (!(m->m_flags & M_PKTHDR))
m->m_pkthdr.len += inc;
# endif
# endif
#endif
if (inc != 0) {
#if SOLARIS || defined(__sgi)
#if (SOLARIS || defined(__sgi)) && defined(_KERNEL)
register u_32_t sum1, sum2;
sum1 = ip->ip_len;
@ -269,6 +274,7 @@ int dlen;
tcp2->th_win = htons(8192);
tcp2->th_sport = htons(sp);
tcp2->th_off = 5;
tcp2->th_flags = TH_SYN;
tcp2->th_dport = 0; /* XXX - don't specify remote port */
fi.fin_data[1] = 0;
fi.fin_dlen = sizeof(*tcp2);
@ -452,6 +458,10 @@ int dlen;
if ((inc + ip->ip_len) > 65535)
return 0;
#if !defined(_KERNEL)
m = *((mb_t **)fin->fin_mp);
m_copyback(m, off, nlen, newbuf);
#else
# if SOLARIS
m = fin->fin_qfm;
for (m1 = m; m1->b_cont; m1 = m1->b_cont)
@ -482,8 +492,9 @@ int dlen;
/* the mbuf chain will be extended if necessary by m_copyback() */
/*m_copyback(m, off, nlen, newbuf);*/
# endif /* SOLARIS */
#endif /* _KERNEL */
if (inc != 0) {
#if SOLARIS || defined(__sgi)
#if (SOLARIS || defined(__sgi)) && defined(_KERNEL)
register u_32_t sum1, sum2;
sum1 = ip->ip_len;
@ -520,6 +531,7 @@ int dlen;
tcp2->th_win = htons(8192);
tcp2->th_sport = 0; /* XXX - fake it for nat_new */
tcp2->th_off = 5;
tcp2->th_flags = TH_SYN;
fi.fin_data[1] = a5 << 8 | a6;
fi.fin_dlen = sizeof(*tcp2);
tcp2->th_dport = htons(fi.fin_data[1]);
@ -721,17 +733,22 @@ int rv;
tcp = (tcphdr_t *)fin->fin_dp;
off = fin->fin_hlen + (tcp->th_off << 2);
#if SOLARIS
#if SOLARIS && defined(_KERNEL)
m = fin->fin_qfm;
#else
m = *((mb_t **)fin->fin_mp);
#endif
#if SOLARIS
mlen = msgdsize(m) - off;
#ifndef _KERNEL
mlen = mbuflen(m);
#else
mlen = mbufchainlen(m) - off;
# if SOLARIS
mlen = msgdsize(m);
# else
mlen = mbufchainlen(m);
# endif
#endif
mlen -= off;
t = &ftp->ftp_side[1 - rv];
f = &ftp->ftp_side[rv];
@ -743,15 +760,18 @@ int rv;
return 0;
}
inc = 0;
rptr = f->ftps_rptr;
wptr = f->ftps_wptr;
i = 0;
sel = nat->nat_aps->aps_sel[1 - rv];
if (rv)
if (rv) {
if (nat->nat_aps->aps_ackmin[sel] > ntohl(tcp->th_seq))
i = nat->nat_aps->aps_ackoff[sel];
else
} else {
if (nat->nat_aps->aps_seqmin[sel] > ntohl(tcp->th_seq))
i = nat->nat_aps->aps_seqoff[sel];
}
/*
* XXX - Ideally, this packet should get dropped because we now know
* that it is out of order (and there is no real danger in doing so
@ -759,18 +779,26 @@ int rv;
*/
if (f->ftps_len + f->ftps_seq == ntohl(tcp->th_seq))
f->ftps_seq = ntohl(tcp->th_seq);
else if (ntohl(tcp->th_seq) + i != f->ftps_seq) {
else {
inc = ntohl(tcp->th_seq) - f->ftps_seq;
if (inc > i) {
return APR_ERR(1);
}
}
inc = 0;
f->ftps_len = mlen;
while (mlen > 0) {
len = MIN(mlen, FTP_BUFSZ / 2);
#if !defined(_KERNEL)
bcopy((char *)m + off, wptr, len);
#else
# if SOLARIS
copyout_mblk(m, off, len, wptr);
# else
m_copydata(m, off, len, wptr);
# endif
#endif
mlen -= len;
off += len;
@ -800,8 +828,9 @@ int rv;
* Off to a bad start so lets just forget about using the
* ftp proxy for this connection.
*/
if ((f->ftps_cmds == 0) && (f->ftps_junk == 1))
if ((f->ftps_cmds == 0) && (f->ftps_junk == 1)) {
return APR_ERR(2);
}
while ((f->ftps_junk == 1) && (rptr < wptr)) {
while ((rptr < wptr) && (*rptr != '\r'))

View File

@ -10,7 +10,8 @@
#if defined(KERNEL) && !defined(_KERNEL)
# define _KERNEL
#endif
#if defined(__NetBSD__) && (NetBSD >= 199905) && !defined(IPFILTER_LKM)
#if defined(__NetBSD__) && (NetBSD >= 199905) && !defined(IPFILTER_LKM) && \
defined(_KERNEL)
# include "opt_ipfilter_log.h"
#endif
#ifdef __FreeBSD__

View File

@ -1770,7 +1770,6 @@ int dir;
sumd2 = sumd;
}
#if 1
/*
* Fix TCP pseudo header checksum to compensate for the
* IP address change. Before we can do the change, we
@ -1790,7 +1789,6 @@ int dir;
CALC_SUMD(sum1, sum2, sumd);
sumd2 = sumd;
}
#endif
} else {
/*
@ -1839,7 +1837,6 @@ int dir;
sumd2 = sumd;
}
#if 1
/*
* Fix TCP pseudo header checksum to compensate for the
* IP address change. Before we can do the change, we
@ -1858,9 +1855,7 @@ int dir;
*/
CALC_SUMD(sum1, sum2, sumd);
sumd2 = sumd;
};
#endif
}
#endif
}

View File

@ -93,8 +93,8 @@ static int appr_fixseqack __P((fr_info_t *, ip_t *, ap_session_t *, int ));
#define AP_SESS_SIZE 53
#if defined(_KERNEL)
#include "netinet/ip_ftp_pxy.c"
#if defined(_KERNEL)
#include "netinet/ip_rcmd_pxy.c"
#include "netinet/ip_raudio_pxy.c"
#include "netinet/ip_netbios_pxy.c"

View File

@ -685,11 +685,18 @@ u_int flags;
hv += is->is_sport;
hv += is->is_dport;
}
if ((flags & FI_IGNOREPKT) == 0) {
is->is_send = ntohl(tcp->th_seq) + fin->fin_dlen -
(off = (tcp->th_off << 2)) +
((tcp->th_flags & TH_SYN) ? 1 : 0) +
((tcp->th_flags & TH_FIN) ? 1 : 0);
is->is_maxsend = is->is_send;
if ((tcp->th_flags & TH_SYN) &&
((tcp->th_off << 2) >= (sizeof(*tcp) + 4)))
is->is_swscale = fr_tcpoptions(tcp);
}
is->is_maxdwin = 1;
is->is_maxswin = ntohs(tcp->th_win);
if (is->is_maxswin == 0)
@ -698,10 +705,6 @@ u_int flags;
if ((tcp->th_flags & TH_OPENING) == TH_SYN)
is->is_fsm = 1;
if ((tcp->th_flags & TH_SYN) &&
((tcp->th_off << 2) >= (sizeof(*tcp) + 4)))
is->is_swscale = fr_tcpoptions(tcp);
/*
* If we're creating state for a starting connection, start the
* timer on it as we'll never see an error if it fails to
@ -972,7 +975,7 @@ tcphdr_t *tcp;
}
}
MUTEX_EXIT(&is->is_lock);
if ((ret == 0) && (tcp->th_flags != TH_SYN))
if ((ret == 0) && ((tcp->th_flags & TH_OPENING) != TH_SYN))
fin->fin_misc |= FM_BADSTATE;
return ret;
}
@ -1226,6 +1229,10 @@ fr_info_t *fin;
*/
bzero((char *)&src, sizeof(src));
bzero((char *)&dst, sizeof(dst));
bzero((char *)&ofin, sizeof(ofin));
ofin.fin_ifp = fin->fin_ifp;
ofin.fin_out = !fin->fin_out;
ofin.fin_v = 4;
fr = NULL;
switch (oip->ip_p)
@ -1260,12 +1267,8 @@ fr_info_t *fin;
savelen = oip->ip_len;
oip->ip_len = len;
ofin.fin_v = 4;
fr_makefrip(ohlen, oip, &ofin);
oip->ip_len = savelen;
ofin.fin_ifp = fin->fin_ifp;
ofin.fin_out = !fin->fin_out;
ofin.fin_mp = NULL; /* if dereferenced, panic XXX */
READ_ENTER(&ipf_state);
for (isp = &ips_table[hv]; (is = *isp); isp = &is->is_hnext)
@ -1314,12 +1317,8 @@ fr_info_t *fin;
*/
savelen = oip->ip_len;
oip->ip_len = len;
ofin.fin_v = 4;
fr_makefrip(ohlen, oip, &ofin);
oip->ip_len = savelen;
ofin.fin_ifp = fin->fin_ifp;
ofin.fin_out = !fin->fin_out;
ofin.fin_mp = NULL; /* if dereferenced, panic XXX */
READ_ENTER(&ipf_state);
for (isp = &ips_table[hv]; (is = *isp); isp = &is->is_hnext) {
/*
@ -1849,7 +1848,7 @@ int dir, fsm;
break;
case TCPS_SYN_SENT: /* 2 */
if (flags == TH_SYN) {
if ((flags & ~(TH_ECN|TH_CWR)) == TH_SYN) {
/*
* A retransmitted SYN packet. We do not reset the
* timeout here to fr_tcptimeout because a connection
@ -1895,6 +1894,12 @@ int dir, fsm;
*/
state[dir] = TCPS_ESTABLISHED;
newage = fr_tcpidletimeout;
} else if ((flags & ~(TH_ECN|TH_CWR)) == TH_OPENING) {
/*
* We see an SA from 'dir' which is already in
* SYN_RECEIVED state.
*/
newage = fr_tcptimeout;
} else if (flags & TH_FIN) {
/*
* We see an F from 'dir' which is in SYN_RECEIVED
@ -1989,6 +1994,8 @@ int dir, fsm;
* timeout
*/
newage = fr_tcplastack;
else
newage = *age;
}
/*
* We cannot detect when we go out of LAST_ACK state to CLOSED
@ -2096,6 +2103,15 @@ fr_info_t *fin;
if (fin->fin_plen < sizeof(*oip))
return NULL;
if ((oip->ip6_nxt != IPPROTO_TCP) && (oip->ip6_nxt != IPPROTO_UDP) &&
(oip->ip6_nxt != IPPROTO_ICMPV6))
return NULL;
bzero((char *)&ofin, sizeof(ofin));
ofin.fin_out = !fin->fin_out;
ofin.fin_ifp = fin->fin_ifp;
ofin.fin_v = 6;
if (oip->ip6_nxt == IPPROTO_ICMPV6) {
oic = (struct icmp6_hdr *)(oip + 1);
/*
@ -2121,12 +2137,8 @@ fr_info_t *fin;
hv %= fr_statesize;
oip->ip6_plen = ntohs(oip->ip6_plen);
ofin.fin_v = 6;
fr_makefrip(sizeof(*oip), (ip_t *)oip, &ofin);
oip->ip6_plen = htons(oip->ip6_plen);
ofin.fin_ifp = fin->fin_ifp;
ofin.fin_out = !fin->fin_out;
ofin.fin_mp = NULL; /* if dereferenced, panic XXX */
READ_ENTER(&ipf_state);
for (isp = &ips_table[hv]; (is = *isp); isp = &is->is_hnext)
@ -2151,10 +2163,8 @@ fr_info_t *fin;
RWLOCK_EXIT(&ipf_state);
return NULL;
};
}
if ((oip->ip6_nxt != IPPROTO_TCP) && (oip->ip6_nxt != IPPROTO_UDP))
return NULL;
tcp = (tcphdr_t *)(oip + 1);
dport = tcp->th_dport;
sport = tcp->th_sport;
@ -2185,12 +2195,8 @@ fr_info_t *fin;
*/
savelen = oip->ip6_plen;
oip->ip6_plen = ip->ip6_plen - sizeof(*ip) - ICMPERR_ICMPHLEN;
ofin.fin_v = 6;
fr_makefrip(sizeof(*oip), (ip_t *)oip, &ofin);
oip->ip6_plen = savelen;
ofin.fin_ifp = fin->fin_ifp;
ofin.fin_out = !fin->fin_out;
ofin.fin_mp = NULL; /* if dereferenced, panic XXX */
READ_ENTER(&ipf_state);
for (isp = &ips_table[hv]; (is = *isp); isp = &is->is_hnext) {
/*

View File

@ -10,6 +10,6 @@
#ifndef __IPL_H__
#define __IPL_H__
#define IPL_VERSION "IP Filter: v3.4.26"
#define IPL_VERSION "IP Filter: v3.4.27"
#endif