[prev in list] [next in list] [prev in thread] [next in thread]
List: ipfilter
Subject: 3.1.1 - solaris patch (other one)
From: Darren Reed <darrenr () cyber ! com ! au>
Date: 1996-10-31 14:53:50
[Download RAW message or body]
This is aimed at solving the Ultra problem as well as the PPP problem.
Again, I've tested it briefly and it works...but no ultra :(
(Better comments so I'll say less :)
Hmmm, now that I'm thinking of it, a check for ip_len against the mblk
data size using msgdsize would probably be a good idea too...later for that.
Problem is rejecting packets like that here stops them showing up in
netstat -s output.
Index: solaris.c
===================================================================
RCS file: /devel/CVS/IP-Filter/solaris.c,v
retrieving revision 1.2.4.3
diff -c -r1.2.4.3 solaris.c
*** 1.2.4.3 1996/10/24 15:46:01
--- solaris.c 1996/10/31 14:47:29
***************
*** 264,269 ****
--- 264,283 ----
}
+ #define INC_RPTR(m,l) \
+ { \
+ register mblk_t *mz = (m); \
+ register int zl = (l), mvz; \
+ \
+ while (zl && mz) { \
+ mvz = MIN(mz->b_wptr - mz->b_rptr, zl); \
+ mz->b_rptr += mvz; \
+ zl -= mvz; \
+ mz = mz->b_cont; \
+ } \
+ } \
+
+
/*
* find the first data mblk, if present, in the chain we're processing. Also
* make a few sanity checks to try prevent the filter from causing a panic -
***************
*** 277,283 ****
int out;
{
u_long lbuf[48];
! mblk_t *m, *md;
register ip_t *ip;
u_char *rptr;
int iphlen, hlen, len, err;
--- 291,297 ----
int out;
{
u_long lbuf[48];
! mblk_t *m, *md, *mp1, *mt = *mp;
register ip_t *ip;
u_char *rptr;
int iphlen, hlen, len, err;
***************
*** 286,308 ****
* Find the first data block, count the data blocks in this chain and
* the total amount of data.
*/
! for (m = *mp; m && MTYPE(m) != M_DATA; m = m->b_cont)
;
if (!m)
return 0; /* No data blocks */
rptr = m->b_rptr;
! if (out && (m == *mp))
m->b_rptr += qif->qf_hl;
ip = (ip_t *)m->b_rptr;
if (ip->ip_v == IPVERSION) {
- #ifndef sparc
- ip->ip_len = ntohs(ip->ip_len);
- ip->ip_off = ntohs(ip->ip_off);
- #endif
hlen = iphlen = ip->ip_hl << 2;
if (!(ip->ip_off & 0x1fff))
switch (ip->ip_p)
{
--- 300,319 ----
* Find the first data block, count the data blocks in this chain and
* the total amount of data.
*/
! for (m = mt; m && MTYPE(m) != M_DATA; m = m->b_cont)
;
if (!m)
return 0; /* No data blocks */
rptr = m->b_rptr;
! if (out && (m == mt))
m->b_rptr += qif->qf_hl;
ip = (ip_t *)m->b_rptr;
if (ip->ip_v == IPVERSION) {
hlen = iphlen = ip->ip_hl << 2;
+
if (!(ip->ip_off & 0x1fff))
switch (ip->ip_p)
{
***************
*** 319,324 ****
--- 330,368 ----
break;
}
+ /*
+ * Ok, the IP header isn't on a 32bit aligned address.
+ * To get around this, we allocate a new buffer which will
+ * hold the header, copy the header, then adjbust mblks
+ * accordingly. Note, that this covers the case which would
+ * otherwise be handled by pullupmsg() through copyout_mblk.
+ */
+ if (!OK_32PTR(ip)) {
+ if (!(mp1 = allocb(hlen, BPRI_HI)))
+ return -1;
+ copyout_mblk(m, 0, mp1->b_wptr, hlen);
+ mp1->b_wptr += hlen;
+ if (rptr != m->b_rptr) { /* after this */
+ INC_RPTR(m, hlen);
+ m->b_rptr = rptr;
+ m->b_wptr = (char *)ip;
+ mp1->b_cont = m->b_cont;
+ m->b_cont = mp1;
+ } else {
+ INC_RPTR(m, hlen);
+ mp1->b_cont = m;
+ }
+ if (m == mt)
+ *mp = mp1;
+ m = mp1;
+ rptr = m->b_rptr;
+ ip = (ip_t *)rptr;
+ }
+
+ #ifndef sparc
+ ip->ip_len = ntohs(ip->ip_len);
+ ip->ip_off = ntohs(ip->ip_off);
+ #endif
len = (char *)m->b_wptr - (char *)ip;
if ((iphlen < sizeof(ip_t)) || (iphlen > ip->ip_len) ||
(hlen > len)) {
***************
*** 330,336 ****
return -1;
}
err = fr_check(ip, iphlen, qif->qf_ill, out, qif, q, mp);
! if ((m = *mp))
m->b_rptr = rptr;
#ifndef sparc
ip->ip_len = htons(ip->ip_len);
--- 374,380 ----
return -1;
}
err = fr_check(ip, iphlen, qif->qf_ill, out, qif, q, mp);
! if (*mp)
m->b_rptr = rptr;
#ifndef sparc
ip->ip_len = htons(ip->ip_len);
[prev in list] [next in list] [prev in thread] [next in thread]
Configure |
About |
News |
Add a list |
Sponsored by KoreLogic