diff options
author | Guido van Rooij <guido@FreeBSD.org> | 2000-02-09 20:56:36 +0000 |
---|---|---|
committer | Guido van Rooij <guido@FreeBSD.org> | 2000-02-09 20:56:36 +0000 |
commit | 6cd756a2b5a06e06d3add64e62ae481fb3f460ae (patch) | |
tree | cea70730cec910cdbcafd199b77ef8eec7647330 /sys/netinet/fil.c | |
parent | 0f94bd564f06623168ed972780c950be707e316e (diff) | |
download | src-6cd756a2b5a06e06d3add64e62ae481fb3f460ae.tar.gz src-6cd756a2b5a06e06d3add64e62ae481fb3f460ae.zip |
Bring over ipfilter v3_3_8 kernel sources, including merging the
local modifications.
Also fix initializing fr_running in KLD case.
Rename ipl_inited to fr_runninhg in mlfk_ipl
Approved by: jkh
Notes
Notes:
svn path=/head/; revision=57096
Diffstat (limited to 'sys/netinet/fil.c')
-rw-r--r-- | sys/netinet/fil.c | 23 |
1 files changed, 16 insertions, 7 deletions
diff --git a/sys/netinet/fil.c b/sys/netinet/fil.c index cb069f806600..00187cd2981d 100644 --- a/sys/netinet/fil.c +++ b/sys/netinet/fil.c @@ -7,8 +7,7 @@ */ #if !defined(lint) static const char sccsid[] = "@(#)fil.c 1.36 6/5/96 (C) 1993-1996 Darren Reed"; -/*static const char rcsid[] = "@(#)$Id: fil.c,v 2.3.2.14 1999/12/07 12:53:40 darrenr Exp $";*/ -static const char rcsid[] = "@(#)$FreeBSD$"; +static const char rcsid[] = "@(#)$Id: fil.c,v 2.3.2.16 2000/01/27 08:49:37 darrenr Exp $"; #endif #include <sys/errno.h> @@ -20,10 +19,8 @@ static const char rcsid[] = "@(#)$FreeBSD$"; defined(_KERNEL) # include "opt_ipfilter_log.h" #endif -#if ((defined(KERNEL) && defined(__FreeBSD_version) && \ - (__FreeBSD_version >= 220000)) || \ - (defined(_KERNEL) && defined(__FreeBSD_version) && \ - (__FreeBSD_version >= 40013))) +#if defined(_KERNEL) && defined(__FreeBSD_version) && \ + (__FreeBSD_version >= 220000) # include <sys/filio.h> # include <sys/fcntl.h> #else @@ -248,6 +245,12 @@ fr_info_t *fin; if (!off && (icmp->icmp_type == ICMP_ECHOREPLY || icmp->icmp_type == ICMP_ECHO)) minicmpsz = ICMP_MINLEN; + if (!off && (icmp->icmp_type == ICMP_TSTAMP || + icmp->icmp_type == ICMP_TSTAMPREPLY)) + minicmpsz = 20; /* type(1) + code(1) + cksum(2) + id(2) + seq(2) + 3*timestamp(3*4) */ + if (!off && (icmp->icmp_type == ICMP_MASKREQ || + icmp->icmp_type == ICMP_MASKREPLY)) + minicmpsz = 12; /* type(1) + code(1) + cksum(2) + id(2) + seq(2) + mask(4) */ if ((!(ip->ip_len >= hlen + minicmpsz) && !off) || (off && off < sizeof(struct icmp))) fi->fi_fl |= FI_SHORT; @@ -691,6 +694,9 @@ int out; READ_ENTER(&ipf_mutex); + if (fin->fin_fi.fi_fl & FI_SHORT) + ATOMIC_INC(frstats[out].fr_short); + /* * Check auth now. This, combined with the check below to see if apass * is 0 is to ensure that we don't count the packet twice, which can @@ -1181,7 +1187,7 @@ nodata: * SUCH DAMAGE. * * @(#)uipc_mbuf.c 8.2 (Berkeley) 1/4/94 - * $Id: fil.c,v 2.3.2.14 1999/12/07 12:53:40 darrenr Exp $ + * $Id: fil.c,v 2.3.2.16 2000/01/27 08:49:37 darrenr Exp $ */ /* * Copy data from an mbuf chain starting "off" bytes from the beginning, @@ -1582,7 +1588,10 @@ void frsync() # else for (ifp = ifnet; ifp; ifp = ifp->if_next) # endif + { ip_natsync(ifp); + ip_statesync(ifp); + } # endif WRITE_ENTER(&ipf_mutex); |