diff options
author | Guido van Rooij <guido@FreeBSD.org> | 2000-02-09 20:46:45 +0000 |
---|---|---|
committer | Guido van Rooij <guido@FreeBSD.org> | 2000-02-09 20:46:45 +0000 |
commit | 14f80d3d7b0facdb829707b1b599040b7a44592a (patch) | |
tree | 0b084e918c24605e4f362111a153271266a7540d /contrib/ipfilter/fil.c | |
parent | 23a0caaf86232d57ff32c6d365b7f2872ca79f9b (diff) | |
download | src-14f80d3d7b0facdb829707b1b599040b7a44592a.tar.gz src-14f80d3d7b0facdb829707b1b599040b7a44592a.zip |
Import of ipfilter 3.3.8
Approved by: jkh
Notes
Notes:
svn path=/vendor/ipfilter/dist/; revision=57093
Diffstat (limited to 'contrib/ipfilter/fil.c')
-rw-r--r-- | contrib/ipfilter/fil.c | 16 |
1 files changed, 14 insertions, 2 deletions
diff --git a/contrib/ipfilter/fil.c b/contrib/ipfilter/fil.c index 7e0a00764820..f527bdb5af89 100644 --- a/contrib/ipfilter/fil.c +++ b/contrib/ipfilter/fil.c @@ -7,7 +7,7 @@ */ #if !defined(lint) static const char sccsid[] = "@(#)fil.c 1.36 6/5/96 (C) 1993-1996 Darren Reed"; -static const char rcsid[] = "@(#)$Id: fil.c,v 2.3.2.14 1999/12/07 12:53:40 darrenr Exp $"; +static const char rcsid[] = "@(#)$Id: fil.c,v 2.3.2.16 2000/01/27 08:49:37 darrenr Exp $"; #endif #include <sys/errno.h> @@ -245,6 +245,12 @@ fr_info_t *fin; if (!off && (icmp->icmp_type == ICMP_ECHOREPLY || icmp->icmp_type == ICMP_ECHO)) minicmpsz = ICMP_MINLEN; + if (!off && (icmp->icmp_type == ICMP_TSTAMP || + icmp->icmp_type == ICMP_TSTAMPREPLY)) + minicmpsz = 20; /* type(1) + code(1) + cksum(2) + id(2) + seq(2) + 3*timestamp(3*4) */ + if (!off && (icmp->icmp_type == ICMP_MASKREQ || + icmp->icmp_type == ICMP_MASKREPLY)) + minicmpsz = 12; /* type(1) + code(1) + cksum(2) + id(2) + seq(2) + mask(4) */ if ((!(ip->ip_len >= hlen + minicmpsz) && !off) || (off && off < sizeof(struct icmp))) fi->fi_fl |= FI_SHORT; @@ -688,6 +694,9 @@ int out; READ_ENTER(&ipf_mutex); + if (fin->fin_fi.fi_fl & FI_SHORT) + ATOMIC_INC(frstats[out].fr_short); + /* * Check auth now. This, combined with the check below to see if apass * is 0 is to ensure that we don't count the packet twice, which can @@ -1178,7 +1187,7 @@ nodata: * SUCH DAMAGE. * * @(#)uipc_mbuf.c 8.2 (Berkeley) 1/4/94 - * $Id: fil.c,v 2.3.2.14 1999/12/07 12:53:40 darrenr Exp $ + * $Id: fil.c,v 2.3.2.16 2000/01/27 08:49:37 darrenr Exp $ */ /* * Copy data from an mbuf chain starting "off" bytes from the beginning, @@ -1579,7 +1588,10 @@ void frsync() # else for (ifp = ifnet; ifp; ifp = ifp->if_next) # endif + { ip_natsync(ifp); + ip_statesync(ifp); + } # endif WRITE_ENTER(&ipf_mutex); |