Merge updates from 3.4.26 - 3.4.27.
This commit is contained in:
parent
cd5a4c63c7
commit
7df187a3ad
@ -1470,7 +1470,13 @@ tcphdr_t *tcp;
|
||||
# endif /* defined(BSD) || defined(sun) */
|
||||
# endif /* SOLARIS */
|
||||
#else /* KERNEL */
|
||||
sum2 = 0;
|
||||
for (; slen > 1; slen -= 2)
|
||||
sum += *sp++;
|
||||
if (slen)
|
||||
sum += ntohs(*(u_char *)sp << 8);
|
||||
while (sum > 0xffff)
|
||||
sum = (sum & 0xffff) + (sum >> 16);
|
||||
sum2 = (u_short)(~sum & 0xffff);
|
||||
#endif /* KERNEL */
|
||||
tcp->th_sum = ts;
|
||||
return sum2;
|
||||
@ -1511,7 +1517,7 @@ tcphdr_t *tcp;
|
||||
* SUCH DAMAGE.
|
||||
*
|
||||
* @(#)uipc_mbuf.c 8.2 (Berkeley) 1/4/94
|
||||
* $Id: fil.c,v 2.35.2.59 2002/03/25 11:07:37 darrenr Exp $
|
||||
* $Id: fil.c,v 2.35.2.60 2002/04/26 10:20:34 darrenr Exp $
|
||||
*/
|
||||
/*
|
||||
* Copy data from an mbuf chain starting "off" bytes from the beginning,
|
||||
@ -2176,3 +2182,15 @@ int icmptoicmp6unreach[ICMP_MAX_UNREACH] = {
|
||||
ICMP6_DST_UNREACH_ADMIN, /* 13: ICMP_UNREACH_ADMIN_PROHIBIT */
|
||||
};
|
||||
#endif
|
||||
|
||||
|
||||
#ifndef _KERNEL
|
||||
int mbuflen(buf)
|
||||
mb_t *buf;
|
||||
{
|
||||
ip_t *ip;
|
||||
|
||||
ip = (ip_t *)buf;
|
||||
return ip->ip_len;
|
||||
}
|
||||
#endif
|
||||
|
@ -253,7 +253,7 @@ typedef u_int32_t u_32_t;
|
||||
# define USE_INET6
|
||||
# endif
|
||||
# endif
|
||||
# if !defined(_KERNEL) && !defined(IPFILTER_LKM)
|
||||
# if !defined(_KERNEL) && !defined(IPFILTER_LKM) && !defined(USE_INET6)
|
||||
# if (defined(__FreeBSD_version) && (__FreeBSD_version >= 400000)) || \
|
||||
(defined(OpenBSD) && (OpenBSD >= 200111)) || \
|
||||
(defined(__NetBSD_Version__) && (__NetBSD_Version__ >= 105000000))
|
||||
@ -573,7 +573,8 @@ extern void m_copyback __P((struct mbuf *, int, int, caddr_t));
|
||||
# endif
|
||||
# if (BSD >= 199306) || defined(__FreeBSD__)
|
||||
# if (defined(__NetBSD_Version__) && (__NetBSD_Version__ < 105180000)) || \
|
||||
defined(__FreeBSD__) || defined(__OpenBSD__) || defined(_BSDI_VERSION)
|
||||
defined(__FreeBSD__) || (defined(OpenBSD) && (OpenBSD < 200206)) || \
|
||||
defined(_BSDI_VERSION)
|
||||
# include <vm/vm.h>
|
||||
# endif
|
||||
# if !defined(__FreeBSD__) || (defined (__FreeBSD_version) && \
|
||||
|
@ -184,6 +184,10 @@ int dlen;
|
||||
if ((inc + ip->ip_len) > 65535)
|
||||
return 0;
|
||||
|
||||
#if !defined(_KERNEL)
|
||||
m = *((mb_t **)fin->fin_mp);
|
||||
bcopy(newbuf, (char *)m + off, nlen);
|
||||
#else
|
||||
# if SOLARIS
|
||||
m = fin->fin_qfm;
|
||||
for (m1 = m; m1->b_cont; m1 = m1->b_cont)
|
||||
@ -220,9 +224,10 @@ int dlen;
|
||||
if (!(m->m_flags & M_PKTHDR))
|
||||
m->m_pkthdr.len += inc;
|
||||
# endif
|
||||
# endif
|
||||
#endif
|
||||
if (inc != 0) {
|
||||
#if SOLARIS || defined(__sgi)
|
||||
#if (SOLARIS || defined(__sgi)) && defined(_KERNEL)
|
||||
register u_32_t sum1, sum2;
|
||||
|
||||
sum1 = ip->ip_len;
|
||||
@ -269,6 +274,7 @@ int dlen;
|
||||
tcp2->th_win = htons(8192);
|
||||
tcp2->th_sport = htons(sp);
|
||||
tcp2->th_off = 5;
|
||||
tcp2->th_flags = TH_SYN;
|
||||
tcp2->th_dport = 0; /* XXX - don't specify remote port */
|
||||
fi.fin_data[1] = 0;
|
||||
fi.fin_dlen = sizeof(*tcp2);
|
||||
@ -452,6 +458,10 @@ int dlen;
|
||||
if ((inc + ip->ip_len) > 65535)
|
||||
return 0;
|
||||
|
||||
#if !defined(_KERNEL)
|
||||
m = *((mb_t **)fin->fin_mp);
|
||||
m_copyback(m, off, nlen, newbuf);
|
||||
#else
|
||||
# if SOLARIS
|
||||
m = fin->fin_qfm;
|
||||
for (m1 = m; m1->b_cont; m1 = m1->b_cont)
|
||||
@ -482,8 +492,9 @@ int dlen;
|
||||
/* the mbuf chain will be extended if necessary by m_copyback() */
|
||||
/*m_copyback(m, off, nlen, newbuf);*/
|
||||
# endif /* SOLARIS */
|
||||
#endif /* _KERNEL */
|
||||
if (inc != 0) {
|
||||
#if SOLARIS || defined(__sgi)
|
||||
#if (SOLARIS || defined(__sgi)) && defined(_KERNEL)
|
||||
register u_32_t sum1, sum2;
|
||||
|
||||
sum1 = ip->ip_len;
|
||||
@ -520,6 +531,7 @@ int dlen;
|
||||
tcp2->th_win = htons(8192);
|
||||
tcp2->th_sport = 0; /* XXX - fake it for nat_new */
|
||||
tcp2->th_off = 5;
|
||||
tcp2->th_flags = TH_SYN;
|
||||
fi.fin_data[1] = a5 << 8 | a6;
|
||||
fi.fin_dlen = sizeof(*tcp2);
|
||||
tcp2->th_dport = htons(fi.fin_data[1]);
|
||||
@ -721,17 +733,22 @@ int rv;
|
||||
tcp = (tcphdr_t *)fin->fin_dp;
|
||||
off = fin->fin_hlen + (tcp->th_off << 2);
|
||||
|
||||
#if SOLARIS
|
||||
#if SOLARIS && defined(_KERNEL)
|
||||
m = fin->fin_qfm;
|
||||
#else
|
||||
m = *((mb_t **)fin->fin_mp);
|
||||
#endif
|
||||
|
||||
#if SOLARIS
|
||||
mlen = msgdsize(m) - off;
|
||||
#ifndef _KERNEL
|
||||
mlen = mbuflen(m);
|
||||
#else
|
||||
mlen = mbufchainlen(m) - off;
|
||||
# if SOLARIS
|
||||
mlen = msgdsize(m);
|
||||
# else
|
||||
mlen = mbufchainlen(m);
|
||||
# endif
|
||||
#endif
|
||||
mlen -= off;
|
||||
|
||||
t = &ftp->ftp_side[1 - rv];
|
||||
f = &ftp->ftp_side[rv];
|
||||
@ -743,15 +760,18 @@ int rv;
|
||||
return 0;
|
||||
}
|
||||
|
||||
inc = 0;
|
||||
rptr = f->ftps_rptr;
|
||||
wptr = f->ftps_wptr;
|
||||
|
||||
i = 0;
|
||||
sel = nat->nat_aps->aps_sel[1 - rv];
|
||||
if (rv)
|
||||
if (rv) {
|
||||
if (nat->nat_aps->aps_ackmin[sel] > ntohl(tcp->th_seq))
|
||||
i = nat->nat_aps->aps_ackoff[sel];
|
||||
else
|
||||
} else {
|
||||
if (nat->nat_aps->aps_seqmin[sel] > ntohl(tcp->th_seq))
|
||||
i = nat->nat_aps->aps_seqoff[sel];
|
||||
}
|
||||
/*
|
||||
* XXX - Ideally, this packet should get dropped because we now know
|
||||
* that it is out of order (and there is no real danger in doing so
|
||||
@ -759,18 +779,26 @@ int rv;
|
||||
*/
|
||||
if (f->ftps_len + f->ftps_seq == ntohl(tcp->th_seq))
|
||||
f->ftps_seq = ntohl(tcp->th_seq);
|
||||
else if (ntohl(tcp->th_seq) + i != f->ftps_seq) {
|
||||
else {
|
||||
inc = ntohl(tcp->th_seq) - f->ftps_seq;
|
||||
if (inc > i) {
|
||||
return APR_ERR(1);
|
||||
}
|
||||
}
|
||||
inc = 0;
|
||||
f->ftps_len = mlen;
|
||||
|
||||
while (mlen > 0) {
|
||||
len = MIN(mlen, FTP_BUFSZ / 2);
|
||||
|
||||
#if !defined(_KERNEL)
|
||||
bcopy((char *)m + off, wptr, len);
|
||||
#else
|
||||
# if SOLARIS
|
||||
copyout_mblk(m, off, len, wptr);
|
||||
# else
|
||||
m_copydata(m, off, len, wptr);
|
||||
# endif
|
||||
#endif
|
||||
mlen -= len;
|
||||
off += len;
|
||||
@ -800,8 +828,9 @@ int rv;
|
||||
* Off to a bad start so lets just forget about using the
|
||||
* ftp proxy for this connection.
|
||||
*/
|
||||
if ((f->ftps_cmds == 0) && (f->ftps_junk == 1))
|
||||
if ((f->ftps_cmds == 0) && (f->ftps_junk == 1)) {
|
||||
return APR_ERR(2);
|
||||
}
|
||||
|
||||
while ((f->ftps_junk == 1) && (rptr < wptr)) {
|
||||
while ((rptr < wptr) && (*rptr != '\r'))
|
||||
|
@ -10,7 +10,8 @@
|
||||
#if defined(KERNEL) && !defined(_KERNEL)
|
||||
# define _KERNEL
|
||||
#endif
|
||||
#if defined(__NetBSD__) && (NetBSD >= 199905) && !defined(IPFILTER_LKM)
|
||||
#if defined(__NetBSD__) && (NetBSD >= 199905) && !defined(IPFILTER_LKM) && \
|
||||
defined(_KERNEL)
|
||||
# include "opt_ipfilter_log.h"
|
||||
#endif
|
||||
#ifdef __FreeBSD__
|
||||
|
@ -1770,7 +1770,6 @@ int dir;
|
||||
sumd2 = sumd;
|
||||
}
|
||||
|
||||
#if 1
|
||||
/*
|
||||
* Fix TCP pseudo header checksum to compensate for the
|
||||
* IP address change. Before we can do the change, we
|
||||
@ -1790,7 +1789,6 @@ int dir;
|
||||
CALC_SUMD(sum1, sum2, sumd);
|
||||
sumd2 = sumd;
|
||||
}
|
||||
#endif
|
||||
} else {
|
||||
|
||||
/*
|
||||
@ -1839,7 +1837,6 @@ int dir;
|
||||
sumd2 = sumd;
|
||||
}
|
||||
|
||||
#if 1
|
||||
/*
|
||||
* Fix TCP pseudo header checksum to compensate for the
|
||||
* IP address change. Before we can do the change, we
|
||||
@ -1858,9 +1855,7 @@ int dir;
|
||||
*/
|
||||
CALC_SUMD(sum1, sum2, sumd);
|
||||
sumd2 = sumd;
|
||||
};
|
||||
#endif
|
||||
|
||||
}
|
||||
#endif
|
||||
}
|
||||
|
||||
|
@ -93,8 +93,8 @@ static int appr_fixseqack __P((fr_info_t *, ip_t *, ap_session_t *, int ));
|
||||
|
||||
#define AP_SESS_SIZE 53
|
||||
|
||||
#if defined(_KERNEL)
|
||||
#include "netinet/ip_ftp_pxy.c"
|
||||
#if defined(_KERNEL)
|
||||
#include "netinet/ip_rcmd_pxy.c"
|
||||
#include "netinet/ip_raudio_pxy.c"
|
||||
#include "netinet/ip_netbios_pxy.c"
|
||||
|
@ -685,11 +685,18 @@ u_int flags;
|
||||
hv += is->is_sport;
|
||||
hv += is->is_dport;
|
||||
}
|
||||
if ((flags & FI_IGNOREPKT) == 0) {
|
||||
is->is_send = ntohl(tcp->th_seq) + fin->fin_dlen -
|
||||
(off = (tcp->th_off << 2)) +
|
||||
((tcp->th_flags & TH_SYN) ? 1 : 0) +
|
||||
((tcp->th_flags & TH_FIN) ? 1 : 0);
|
||||
is->is_maxsend = is->is_send;
|
||||
|
||||
if ((tcp->th_flags & TH_SYN) &&
|
||||
((tcp->th_off << 2) >= (sizeof(*tcp) + 4)))
|
||||
is->is_swscale = fr_tcpoptions(tcp);
|
||||
}
|
||||
|
||||
is->is_maxdwin = 1;
|
||||
is->is_maxswin = ntohs(tcp->th_win);
|
||||
if (is->is_maxswin == 0)
|
||||
@ -698,10 +705,6 @@ u_int flags;
|
||||
if ((tcp->th_flags & TH_OPENING) == TH_SYN)
|
||||
is->is_fsm = 1;
|
||||
|
||||
if ((tcp->th_flags & TH_SYN) &&
|
||||
((tcp->th_off << 2) >= (sizeof(*tcp) + 4)))
|
||||
is->is_swscale = fr_tcpoptions(tcp);
|
||||
|
||||
/*
|
||||
* If we're creating state for a starting connection, start the
|
||||
* timer on it as we'll never see an error if it fails to
|
||||
@ -972,7 +975,7 @@ tcphdr_t *tcp;
|
||||
}
|
||||
}
|
||||
MUTEX_EXIT(&is->is_lock);
|
||||
if ((ret == 0) && (tcp->th_flags != TH_SYN))
|
||||
if ((ret == 0) && ((tcp->th_flags & TH_OPENING) != TH_SYN))
|
||||
fin->fin_misc |= FM_BADSTATE;
|
||||
return ret;
|
||||
}
|
||||
@ -1226,6 +1229,10 @@ fr_info_t *fin;
|
||||
*/
|
||||
bzero((char *)&src, sizeof(src));
|
||||
bzero((char *)&dst, sizeof(dst));
|
||||
bzero((char *)&ofin, sizeof(ofin));
|
||||
ofin.fin_ifp = fin->fin_ifp;
|
||||
ofin.fin_out = !fin->fin_out;
|
||||
ofin.fin_v = 4;
|
||||
fr = NULL;
|
||||
|
||||
switch (oip->ip_p)
|
||||
@ -1260,12 +1267,8 @@ fr_info_t *fin;
|
||||
|
||||
savelen = oip->ip_len;
|
||||
oip->ip_len = len;
|
||||
ofin.fin_v = 4;
|
||||
fr_makefrip(ohlen, oip, &ofin);
|
||||
oip->ip_len = savelen;
|
||||
ofin.fin_ifp = fin->fin_ifp;
|
||||
ofin.fin_out = !fin->fin_out;
|
||||
ofin.fin_mp = NULL; /* if dereferenced, panic XXX */
|
||||
|
||||
READ_ENTER(&ipf_state);
|
||||
for (isp = &ips_table[hv]; (is = *isp); isp = &is->is_hnext)
|
||||
@ -1314,12 +1317,8 @@ fr_info_t *fin;
|
||||
*/
|
||||
savelen = oip->ip_len;
|
||||
oip->ip_len = len;
|
||||
ofin.fin_v = 4;
|
||||
fr_makefrip(ohlen, oip, &ofin);
|
||||
oip->ip_len = savelen;
|
||||
ofin.fin_ifp = fin->fin_ifp;
|
||||
ofin.fin_out = !fin->fin_out;
|
||||
ofin.fin_mp = NULL; /* if dereferenced, panic XXX */
|
||||
READ_ENTER(&ipf_state);
|
||||
for (isp = &ips_table[hv]; (is = *isp); isp = &is->is_hnext) {
|
||||
/*
|
||||
@ -1849,7 +1848,7 @@ int dir, fsm;
|
||||
break;
|
||||
|
||||
case TCPS_SYN_SENT: /* 2 */
|
||||
if (flags == TH_SYN) {
|
||||
if ((flags & ~(TH_ECN|TH_CWR)) == TH_SYN) {
|
||||
/*
|
||||
* A retransmitted SYN packet. We do not reset the
|
||||
* timeout here to fr_tcptimeout because a connection
|
||||
@ -1895,6 +1894,12 @@ int dir, fsm;
|
||||
*/
|
||||
state[dir] = TCPS_ESTABLISHED;
|
||||
newage = fr_tcpidletimeout;
|
||||
} else if ((flags & ~(TH_ECN|TH_CWR)) == TH_OPENING) {
|
||||
/*
|
||||
* We see an SA from 'dir' which is already in
|
||||
* SYN_RECEIVED state.
|
||||
*/
|
||||
newage = fr_tcptimeout;
|
||||
} else if (flags & TH_FIN) {
|
||||
/*
|
||||
* We see an F from 'dir' which is in SYN_RECEIVED
|
||||
@ -1989,6 +1994,8 @@ int dir, fsm;
|
||||
* timeout
|
||||
*/
|
||||
newage = fr_tcplastack;
|
||||
else
|
||||
newage = *age;
|
||||
}
|
||||
/*
|
||||
* We cannot detect when we go out of LAST_ACK state to CLOSED
|
||||
@ -2096,6 +2103,15 @@ fr_info_t *fin;
|
||||
if (fin->fin_plen < sizeof(*oip))
|
||||
return NULL;
|
||||
|
||||
if ((oip->ip6_nxt != IPPROTO_TCP) && (oip->ip6_nxt != IPPROTO_UDP) &&
|
||||
(oip->ip6_nxt != IPPROTO_ICMPV6))
|
||||
return NULL;
|
||||
|
||||
bzero((char *)&ofin, sizeof(ofin));
|
||||
ofin.fin_out = !fin->fin_out;
|
||||
ofin.fin_ifp = fin->fin_ifp;
|
||||
ofin.fin_v = 6;
|
||||
|
||||
if (oip->ip6_nxt == IPPROTO_ICMPV6) {
|
||||
oic = (struct icmp6_hdr *)(oip + 1);
|
||||
/*
|
||||
@ -2121,12 +2137,8 @@ fr_info_t *fin;
|
||||
hv %= fr_statesize;
|
||||
|
||||
oip->ip6_plen = ntohs(oip->ip6_plen);
|
||||
ofin.fin_v = 6;
|
||||
fr_makefrip(sizeof(*oip), (ip_t *)oip, &ofin);
|
||||
oip->ip6_plen = htons(oip->ip6_plen);
|
||||
ofin.fin_ifp = fin->fin_ifp;
|
||||
ofin.fin_out = !fin->fin_out;
|
||||
ofin.fin_mp = NULL; /* if dereferenced, panic XXX */
|
||||
|
||||
READ_ENTER(&ipf_state);
|
||||
for (isp = &ips_table[hv]; (is = *isp); isp = &is->is_hnext)
|
||||
@ -2151,10 +2163,8 @@ fr_info_t *fin;
|
||||
RWLOCK_EXIT(&ipf_state);
|
||||
|
||||
return NULL;
|
||||
};
|
||||
}
|
||||
|
||||
if ((oip->ip6_nxt != IPPROTO_TCP) && (oip->ip6_nxt != IPPROTO_UDP))
|
||||
return NULL;
|
||||
tcp = (tcphdr_t *)(oip + 1);
|
||||
dport = tcp->th_dport;
|
||||
sport = tcp->th_sport;
|
||||
@ -2185,12 +2195,8 @@ fr_info_t *fin;
|
||||
*/
|
||||
savelen = oip->ip6_plen;
|
||||
oip->ip6_plen = ip->ip6_plen - sizeof(*ip) - ICMPERR_ICMPHLEN;
|
||||
ofin.fin_v = 6;
|
||||
fr_makefrip(sizeof(*oip), (ip_t *)oip, &ofin);
|
||||
oip->ip6_plen = savelen;
|
||||
ofin.fin_ifp = fin->fin_ifp;
|
||||
ofin.fin_out = !fin->fin_out;
|
||||
ofin.fin_mp = NULL; /* if dereferenced, panic XXX */
|
||||
READ_ENTER(&ipf_state);
|
||||
for (isp = &ips_table[hv]; (is = *isp); isp = &is->is_hnext) {
|
||||
/*
|
||||
|
@ -10,6 +10,6 @@
|
||||
#ifndef __IPL_H__
|
||||
#define __IPL_H__
|
||||
|
||||
#define IPL_VERSION "IP Filter: v3.4.26"
|
||||
#define IPL_VERSION "IP Filter: v3.4.27"
|
||||
|
||||
#endif
|
||||
|
Loading…
Reference in New Issue
Block a user