Differential D20583 Diff 58560 head/sys/contrib/ipfilter/netinet/fil.c

Changeset View

Standalone View

head/sys/contrib/ipfilter/netinet/fil.c

This file is larger than 256 KB, so syntax highlighting is disabled by default.

Show First 20 Lines • Show All 3,416 Lines • ▼ Show 20 Lines
#endif		#endif
hlen = IP_HL(ip) << 2;		hlen = IP_HL(ip) << 2;
off = hlen;		off = hlen;
sp = (u_short *)&ip->ip_src;		sp = (u_short *)&ip->ip_src;
sum += sp++; / ip_src */		sum += sp++; / ip_src */
sum += *sp++;		sum += *sp++;
sum += sp++; / ip_dst */		sum += sp++; / ip_dst */
sum += *sp++;		sum += *sp++;
		slen = fin->fin_plen - off;
		sum += htons(slen);
#ifdef USE_INET6		#ifdef USE_INET6
} else if (IP_V(ip) == 6) {		} else if (IP_V(ip) == 6) {
		mb_t *m;

		m = fin->fin_m;
ip6 = (ip6_t *)ip;		ip6 = (ip6_t *)ip;
hlen = sizeof(*ip6);		off = ((caddr_t)ip6 - m->m_data) + sizeof(struct ip6_hdr);
off = ((char )fin->fin_dp - (char )fin->fin_ip);		int len = ntohs(ip6->ip6_plen) - (off - sizeof(*ip6));
sp = (u_short *)&ip6->ip6_src;		return(ipf_pcksum6(fin, ip6, off, len));
sum += sp++; / ip6_src */
sum += *sp++;
sum += *sp++;
sum += *sp++;
sum += *sp++;
sum += *sp++;
sum += *sp++;
sum += *sp++;
/* This needs to be routing header aware. */
sum += sp++; / ip6_dst */
sum += *sp++;
sum += *sp++;
sum += *sp++;
sum += *sp++;
sum += *sp++;
sum += *sp++;
sum += *sp++;
} else {		} else {
return 0xffff;		return 0xffff;
}		}
#endif		#endif
slen = fin->fin_plen - off;
sum += htons(slen);

switch (l4proto)		switch (l4proto)
{		{
case IPPROTO_UDP :		case IPPROTO_UDP :
csump = &((udphdr_t *)l4hdr)->uh_sum;		csump = &((udphdr_t *)l4hdr)->uh_sum;
break;		break;

case IPPROTO_TCP :		case IPPROTO_TCP :
▲ Show 20 Lines • Show All 3,178 Lines • ▼ Show 20 Lines	ipf_checkl4sum(fin)
/*		/*
* If the TCP packet isn't a fragment, isn't too short and otherwise		* If the TCP packet isn't a fragment, isn't too short and otherwise
* isn't already considered "bad", then validate the checksum. If		* isn't already considered "bad", then validate the checksum. If
* this check fails then considered the packet to be "bad".		* this check fails then considered the packet to be "bad".
*/		*/
if ((fin->fin_flx & (FI_FRAG\|FI_SHORT\|FI_BAD)) != 0)		if ((fin->fin_flx & (FI_FRAG\|FI_SHORT\|FI_BAD)) != 0)
return 1;		return 1;

		DT2(l4sumo, int, fin->fin_out, int, (int)fin->fin_p);
		if (fin->fin_out == 1) {
		fin->fin_cksum = FI_CK_SUMOK;
		return 0;
		}

csump = NULL;		csump = NULL;
hdrsum = 0;		hdrsum = 0;
dosum = 0;		dosum = 0;
sum = 0;		sum = 0;

switch (fin->fin_p)		switch (fin->fin_p)
{		{
case IPPROTO_TCP :		case IPPROTO_TCP :
Show All 35 Lines
#if !defined(_KERNEL)		#if !defined(_KERNEL)
if (sum == hdrsum) {		if (sum == hdrsum) {
FR_DEBUG(("checkl4sum: %hx == %hx\n", sum, hdrsum));		FR_DEBUG(("checkl4sum: %hx == %hx\n", sum, hdrsum));
} else {		} else {
FR_DEBUG(("checkl4sum: %hx != %hx\n", sum, hdrsum));		FR_DEBUG(("checkl4sum: %hx != %hx\n", sum, hdrsum));
}		}
#endif		#endif
DT2(l4sums, u_short, hdrsum, u_short, sum);		DT2(l4sums, u_short, hdrsum, u_short, sum);
		#ifdef USE_INET6
		if (hdrsum == sum \|\| (sum == 0 && fin->fin_p == IPPROTO_ICMPV6)) {
		#else
if (hdrsum == sum) {		if (hdrsum == sum) {
		#endif
fin->fin_cksum = FI_CK_SUMOK;		fin->fin_cksum = FI_CK_SUMOK;
return 0;		return 0;
}		}
fin->fin_cksum = FI_CK_BAD;		fin->fin_cksum = FI_CK_BAD;
return -1;		return -1;
}		}


▲ Show 20 Lines • Show All 3,523 Lines • Show Last 20 Lines