author | Darren Reed <darrenr@FreeBSD.org> | 2002-08-28 13:26:02 +0000 |
---|---|---|
committer | Darren Reed <darrenr@FreeBSD.org> | 2002-08-28 13:26:02 +0000 |
commit | 4ba500330af9947ec88524af0ff9d10e4d465e3a (patch) | |
tree | efab0bcd8c6e584fc4f6c43d7d7e752dbfb8463b /sys/contrib/ipfilter/netinet/fil.c | |
parent | 39cf61414ceccbb5948110f94ed340ae89a86b41 (diff) | |
Import IPfilter 3.4.29. Main purpose is to address ftp proxy problems.
Notes
Notes:
svn path=/vendor-sys/ipfilter/dist-old/; revision=102516
Diffstat (limited to 'sys/contrib/ipfilter/netinet/fil.c')
-rw-r--r-- | sys/contrib/ipfilter/netinet/fil.c | 17 |
1 files changed, 13 insertions, 4 deletions
diff --git a/sys/contrib/ipfilter/netinet/fil.c b/sys/contrib/ipfilter/netinet/fil.c
index ed319d4b52e9..146e70aac1df 100644
--- a/sys/contrib/ipfilter/netinet/fil.c
+++ b/sys/contrib/ipfilter/netinet/fil.c
@@ -97,7 +97,7 @@
 #if !defined(lint)
 static const char sccsid[] = "@(#)fil.c 1.36 6/5/96 (C) 1993-2000 Darren Reed";
-static const char rcsid[] = "@(#)$Id: fil.c,v 2.35.2.61 2002/06/05 08:18:09 darrenr Exp $";
+static const char rcsid[] = "@(#)$Id: fil.c,v 2.35.2.63 2002/08/28 12:40:08 darrenr Exp $";
 #endif
 #ifndef _KERNEL
@@ -1076,7 +1076,7 @@ int out;
 fin->fin_fr = fr;
 if ((pass & (FR_KEEPFRAG|FR_KEEPSTATE)) == FR_KEEPFRAG) {
 if (fin->fin_fl & FI_FRAG) {
- if (ipfr_newfrag(ip, fin, pass) == -1) {
+ if (ipfr_newfrag(ip, fin) == -1) {
 ATOMIC_INCL(frstats[out].fr_bnfr);
 } else {
 ATOMIC_INCL(frstats[out].fr_nfr);
@@ -1191,7 +1191,16 @@ logit:
 * some operating systems.
 */
 if (!out) {
- if (pass & FR_RETICMP) {
+ if (changed == -1)
+ /*
+ * If a packet results in a NAT error, do not
+ * send a reset or ICMP error as it may disrupt
+ * an existing flow. This is the proxy saying
+ * the content is bad so just drop the packet
+ * silently.
+ */
+ ;
+ else if (pass & FR_RETICMP) {
 int dst;
 if ((pass & FR_RETMASK) == FR_FAKEICMP)
@@ -1501,7 +1510,7 @@ nodata:
 * SUCH DAMAGE.
 *
 * @(#)uipc_mbuf.c 8.2 (Berkeley) 1/4/94
- * $Id: fil.c,v 2.35.2.61 2002/06/05 08:18:09 darrenr Exp $
+ * $Id: fil.c,v 2.35.2.63 2002/08/28 12:40:08 darrenr Exp $
 */
 /*
 * Copy data from an mbuf chain starting "off" bytes from the beginning, |
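Review bot: The two-argument call `ipfr_newfrag(ip, fin)` in the `FI_FRAG` branch depends on a callee change that this file's diff does not show. The hunk header shows old-style parameter declarations (`int out;`), so if no prototype for `ipfr_newfrag` is in scope here, a leftover three-argument caller would still compile without a diagnostic. It is worth confirming that the updated prototype is declared in a header this file includes. The enclosing function starts and ends outside the hunk.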
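Review bot: The new `if (changed == -1)` branch inside `if (!out)` uses a bare `;` as its body, separated from the condition by an eight-line comment. That makes the `else if (pass & FR_RETICMP) {` chain easy to break in a later edit. Bracing it keeps the intent explicit: `if (changed == -1) {`, the comment, then `} else if (pass & FR_RETICMP) {`. The comment says the packet is dropped, but the visible lines only suppress the ICMP/RST reply. Whether `pass` is forced to a blocking result when `changed == -1` is decided outside the hunk and should be confirmed. A statistics counter for this path, like the `frstats` counters used elsewhere in the file, would let operators see how often the proxy rejects content, which is otherwise invisible on a silent drop. The enclosing function starts and ends outside the hunk.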