aboutsummaryrefslogtreecommitdiffstats
path: root/sys/contrib/ipfilter/netinet/fil.c
diff options
context:
space:
mode:
authorDarren Reed <darrenr@FreeBSD.org>2003-02-15 06:18:25 +0000
committerDarren Reed <darrenr@FreeBSD.org>2003-02-15 06:18:25 +0000
commit46e22717ef19d69b4b74b02ddd23fc5fadb8713a (patch)
treea4b00c07eabcdaeae3ab07a69909f01608f44735 /sys/contrib/ipfilter/netinet/fil.c
parentd7d368dd57d12e62ba554f3cc01fd576101149c3 (diff)
downloadsrc-46e22717ef19d69b4b74b02ddd23fc5fadb8713a.tar.gz
src-46e22717ef19d69b4b74b02ddd23fc5fadb8713a.zip
Import IPFilter 3.4.31 into -current
Notes
Notes: svn path=/vendor-sys/ipfilter/dist/; revision=110911
Diffstat (limited to 'sys/contrib/ipfilter/netinet/fil.c')
-rw-r--r--sys/contrib/ipfilter/netinet/fil.c65
1 files changed, 51 insertions, 14 deletions
diff --git a/sys/contrib/ipfilter/netinet/fil.c b/sys/contrib/ipfilter/netinet/fil.c
index 146e70aac1df..a981fcb91992 100644
--- a/sys/contrib/ipfilter/netinet/fil.c
+++ b/sys/contrib/ipfilter/netinet/fil.c
@@ -3,7 +3,7 @@
*
* See the IPFILTER.LICENCE file for details on licencing.
*/
-#ifdef __sgi
+#if defined(__sgi) && (IRIX > 602)
# include <sys/ptimers.h>
#endif
#include <sys/errno.h>
@@ -97,7 +97,7 @@
#if !defined(lint)
static const char sccsid[] = "@(#)fil.c 1.36 6/5/96 (C) 1993-2000 Darren Reed";
-static const char rcsid[] = "@(#)$Id: fil.c,v 2.35.2.63 2002/08/28 12:40:08 darrenr Exp $";
+static const char rcsid[] = "@(#)$Id: fil.c,v 2.35.2.67 2002/12/06 13:28:05 darrenr Exp $";
#endif
#ifndef _KERNEL
@@ -699,7 +699,8 @@ void *m;
if (!fr_tcpudpchk(&fr->fr_tuc, fin))
continue;
} else if (fr->fr_icmpm || fr->fr_icmp) {
- if ((fi->fi_p != IPPROTO_ICMP) || off ||
+ if (((fi->fi_p != IPPROTO_ICMP) &&
+ (fi->fi_p != IPPROTO_ICMPV6)) || off ||
(fin->fin_dlen < 2))
continue;
if ((fin->fin_data[0] & fr->fr_icmpm) != fr->fr_icmp) {
@@ -814,6 +815,26 @@ int out;
# endif
int up;
+# if !SOLARIS && !defined(NETBSD_PF) && \
+ ((defined(__FreeBSD__) && (__FreeBSD_version < 500011)) || \
+ defined(__OpenBSD__) || defined(_BSDI_VERSION))
+ if (fr_checkp != fr_check && fr_running > 0) {
+ static int counter = 0;
+
+ if (counter == 0) {
+ printf("WARNING: fr_checkp corrupt: value %lx\n",
+ (u_long)fr_checkp);
+ printf("WARNING: fr_checkp should be %lx\n",
+ (u_long)fr_check);
+ printf("WARNING: fixing fr_checkp\n");
+ }
+ fr_checkp = fr_check;
+ counter++;
+ if (counter == 10000)
+ counter = 0;
+ }
+# endif
+
# ifdef M_CANFASTFWD
/*
* XXX For now, IP Filter and fast-forwarding of cached flows
@@ -1510,7 +1531,7 @@ nodata:
* SUCH DAMAGE.
*
* @(#)uipc_mbuf.c 8.2 (Berkeley) 1/4/94
- * $Id: fil.c,v 2.35.2.63 2002/08/28 12:40:08 darrenr Exp $
+ * $Id: fil.c,v 2.35.2.67 2002/12/06 13:28:05 darrenr Exp $
*/
/*
* Copy data from an mbuf chain starting "off" bytes from the beginning,
@@ -1716,9 +1737,9 @@ frentry_t **listp;
}
-int frflush(unit, flags)
+int frflush(unit, proto, flags)
minor_t unit;
-int flags;
+int proto, flags;
{
int flushed = 0, set;
@@ -1733,19 +1754,35 @@ int flags;
if (flags & FR_OUTQUE) {
#ifdef USE_INET6
- (void) frflushlist(set, unit, &flushed, &ipfilter6[1][set]);
- (void) frflushlist(set, unit, &flushed, &ipacct6[1][set]);
+ if (proto == 0 || proto == 6) {
+ (void) frflushlist(set, unit,
+ &flushed, &ipfilter6[1][set]);
+ (void) frflushlist(set, unit,
+ &flushed, &ipacct6[1][set]);
+ }
#endif
- (void) frflushlist(set, unit, &flushed, &ipfilter[1][set]);
- (void) frflushlist(set, unit, &flushed, &ipacct[1][set]);
+ if (proto == 0 || proto == 4) {
+ (void) frflushlist(set, unit,
+ &flushed, &ipfilter[1][set]);
+ (void) frflushlist(set, unit,
+ &flushed, &ipacct[1][set]);
+ }
}
if (flags & FR_INQUE) {
#ifdef USE_INET6
- (void) frflushlist(set, unit, &flushed, &ipfilter6[0][set]);
- (void) frflushlist(set, unit, &flushed, &ipacct6[0][set]);
+ if (proto == 0 || proto == 6) {
+ (void) frflushlist(set, unit,
+ &flushed, &ipfilter6[0][set]);
+ (void) frflushlist(set, unit,
+ &flushed, &ipacct6[0][set]);
+ }
#endif
- (void) frflushlist(set, unit, &flushed, &ipfilter[0][set]);
- (void) frflushlist(set, unit, &flushed, &ipacct[0][set]);
+ if (proto == 0 || proto == 4) {
+ (void) frflushlist(set, unit,
+ &flushed, &ipfilter[0][set]);
+ (void) frflushlist(set, unit,
+ &flushed, &ipacct[0][set]);
+ }
}
RWLOCK_EXIT(&ipf_mutex);
return flushed;