Changeset View
Changeset View
Standalone View
Standalone View
sys/netpfil/ipfw/pmod/tcpmod.c
| Show First 20 Lines • Show All 47 Lines • ▼ Show 20 Lines | |||||
| #include <netinet/ip_fw.h> | #include <netinet/ip_fw.h> | ||||
| #include <netinet/ip6.h> | #include <netinet/ip6.h> | ||||
| #include <netpfil/ipfw/ip_fw_private.h> | #include <netpfil/ipfw/ip_fw_private.h> | ||||
| #include <netpfil/ipfw/pmod/pmod.h> | #include <netpfil/ipfw/pmod/pmod.h> | ||||
| #include <machine/in_cksum.h> | #include <machine/in_cksum.h> | ||||
| VNET_DEFINE_STATIC(uint16_t, tcpmod_setmss_eid) = 0; | VNET_DEFINE_STATIC(uint32_t, tcpmod_setmss_eid) = 0; | ||||
| #define V_tcpmod_setmss_eid VNET(tcpmod_setmss_eid) | #define V_tcpmod_setmss_eid VNET(tcpmod_setmss_eid) | ||||
| static int | static int | ||||
| tcpmod_setmss(struct mbuf **mp, struct tcphdr *tcp, int tlen, uint16_t mss) | tcpmod_setmss(struct mbuf **mp, struct tcphdr *tcp, int tlen, uint16_t mss) | ||||
| { | { | ||||
| struct mbuf *m; | struct mbuf *m; | ||||
| u_char *cp; | u_char *cp; | ||||
| int optlen, ret; | int optlen, ret; | ||||
| ▲ Show 20 Lines • Show All 108 Lines • ▼ Show 20 Lines | |||||
| ipfw_tcpmod(struct ip_fw_chain *chain, struct ip_fw_args *args, | ipfw_tcpmod(struct ip_fw_chain *chain, struct ip_fw_args *args, | ||||
| ipfw_insn *cmd, int *done) | ipfw_insn *cmd, int *done) | ||||
| { | { | ||||
| ipfw_insn *icmd; | ipfw_insn *icmd; | ||||
| int ret; | int ret; | ||||
| *done = 0; /* try next rule if not matched */ | *done = 0; /* try next rule if not matched */ | ||||
| ret = IP_FW_DENY; | ret = IP_FW_DENY; | ||||
| icmd = cmd + 1; | icmd = cmd + F_LEN(cmd); | ||||
| if (cmd->opcode != O_EXTERNAL_ACTION || | if (cmd->opcode != O_EXTERNAL_ACTION || | ||||
| cmd->arg1 != V_tcpmod_setmss_eid || | insntod(cmd, kidx)->kidx != V_tcpmod_setmss_eid || | ||||
| icmd->opcode != O_EXTERNAL_DATA || | icmd->opcode != O_EXTERNAL_DATA || | ||||
| icmd->len != F_INSN_SIZE(ipfw_insn)) | icmd->len != F_INSN_SIZE(ipfw_insn)) | ||||
| return (ret); | return (ret); | ||||
| /* | /* | ||||
| * NOTE: ipfw_chk() can set f_id.proto from IPv6 fragment header, | * NOTE: ipfw_chk() can set f_id.proto from IPv6 fragment header, | ||||
| * but f_id._flags can be filled only from real TCP header. | * but f_id._flags can be filled only from real TCP header. | ||||
| * | * | ||||
| ▲ Show 20 Lines • Show All 51 Lines • Show Last 20 Lines | |||||