aboutsummaryrefslogtreecommitdiffstats
path: root/sys/contrib/ipfilter/netinet/fil.c
diff options
context:
space:
mode:
authorDarren Reed <darrenr@FreeBSD.org>2002-08-28 13:26:02 +0000
committerDarren Reed <darrenr@FreeBSD.org>2002-08-28 13:26:02 +0000
commit4ba500330af9947ec88524af0ff9d10e4d465e3a (patch)
treeefab0bcd8c6e584fc4f6c43d7d7e752dbfb8463b /sys/contrib/ipfilter/netinet/fil.c
parent39cf61414ceccbb5948110f94ed340ae89a86b41 (diff)
downloadsrc-4ba500330af9947ec88524af0ff9d10e4d465e3a.tar.gz
src-4ba500330af9947ec88524af0ff9d10e4d465e3a.zip
Import IPfilter 3.4.29. Main purpose is to address ftp proxy problems.
Notes
Notes: svn path=/vendor-sys/ipfilter/dist-old/; revision=102516
Diffstat (limited to 'sys/contrib/ipfilter/netinet/fil.c')
-rw-r--r--sys/contrib/ipfilter/netinet/fil.c17
1 files changed, 13 insertions, 4 deletions
diff --git a/sys/contrib/ipfilter/netinet/fil.c b/sys/contrib/ipfilter/netinet/fil.c
index ed319d4b52e9..146e70aac1df 100644
--- a/sys/contrib/ipfilter/netinet/fil.c
+++ b/sys/contrib/ipfilter/netinet/fil.c
@@ -97,7 +97,7 @@
#if !defined(lint)
static const char sccsid[] = "@(#)fil.c 1.36 6/5/96 (C) 1993-2000 Darren Reed";
-static const char rcsid[] = "@(#)$Id: fil.c,v 2.35.2.61 2002/06/05 08:18:09 darrenr Exp $";
+static const char rcsid[] = "@(#)$Id: fil.c,v 2.35.2.63 2002/08/28 12:40:08 darrenr Exp $";
#endif
#ifndef _KERNEL
@@ -1076,7 +1076,7 @@ int out;
fin->fin_fr = fr;
if ((pass & (FR_KEEPFRAG|FR_KEEPSTATE)) == FR_KEEPFRAG) {
if (fin->fin_fl & FI_FRAG) {
- if (ipfr_newfrag(ip, fin, pass) == -1) {
+ if (ipfr_newfrag(ip, fin) == -1) {
ATOMIC_INCL(frstats[out].fr_bnfr);
} else {
ATOMIC_INCL(frstats[out].fr_nfr);
@@ -1191,7 +1191,16 @@ logit:
* some operating systems.
*/
if (!out) {
- if (pass & FR_RETICMP) {
+ if (changed == -1)
+ /*
+ * If a packet results in a NAT error, do not
+ * send a reset or ICMP error as it may disrupt
+ * an existing flow. This is the proxy saying
+ * the content is bad so just drop the packet
+ * silently.
+ */
+ ;
+ else if (pass & FR_RETICMP) {
int dst;
if ((pass & FR_RETMASK) == FR_FAKEICMP)
@@ -1501,7 +1510,7 @@ nodata:
* SUCH DAMAGE.
*
* @(#)uipc_mbuf.c 8.2 (Berkeley) 1/4/94
- * $Id: fil.c,v 2.35.2.61 2002/06/05 08:18:09 darrenr Exp $
+ * $Id: fil.c,v 2.35.2.63 2002/08/28 12:40:08 darrenr Exp $
*/
/*
* Copy data from an mbuf chain starting "off" bytes from the beginning,