Changeset View
Changeset View
Standalone View
Standalone View
sys/netpfil/ipfw/ip_fw2.c
| Show First 20 Lines • Show All 324 Lines • ▼ Show 20 Lines | for (; x > 0; x -= optlen, cp += optlen) { | ||||
| case IPOPT_TS: | case IPOPT_TS: | ||||
| bits |= IP_FW_IPOPT_TS; | bits |= IP_FW_IPOPT_TS; | ||||
| break; | break; | ||||
| } | } | ||||
| } | } | ||||
| return (flags_match(cmd, bits)); | return (flags_match(cmd, bits)); | ||||
| } | } | ||||
| static int | static int | ||||
melifaro: Would help if we add a comment suggesting that the parsing logic mimics one from `tcp_dooptions… | |||||
| tcpopts_parse(struct tcphdr *tcp, uint16_t *mss) | tcpopts_parse(struct tcphdr *tcp, uint16_t *mss) | ||||
melifaroUnsubmitted Done Inline ActionsSince we're talking about safeness: can we change the signature to be const struct tcphdr *tcp? melifaro: Since we're talking about safeness: can we change the signature to be `const struct tcphdr… | |||||
| { | { | ||||
| u_char *cp = (u_char *)(tcp + 1); | u_char *cp = (u_char *)(tcp + 1); | ||||
| int optlen, bits = 0; | int optlen, bits = 0; | ||||
| int x = (tcp->th_off << 2) - sizeof(struct tcphdr); | int x = (tcp->th_off << 2) - sizeof(struct tcphdr); | ||||
melifaroUnsubmitted Done Inline ActionsWould it be possible to rename x to something more resembling the remaining byte count? For example, tcp_dooptions() uses cnt for the similar purpose. melifaro: Would it be possible to rename `x` to something more resembling the remaining byte count?
For… | |||||
| for (; x > 0; x -= optlen, cp += optlen) { | for (; x > 0; x -= optlen, cp += optlen) { | ||||
| int opt = cp[0]; | int opt = cp[0]; | ||||
| if (opt == TCPOPT_EOL) | if (opt == TCPOPT_EOL) | ||||
| break; | break; | ||||
| if (opt == TCPOPT_NOP) | if (opt == TCPOPT_NOP) | ||||
| optlen = 1; | optlen = 1; | ||||
| else { | else { | ||||
| if (x < 2) | |||||
| break; | |||||
| optlen = cp[1]; | optlen = cp[1]; | ||||
| if (optlen <= 0) | if (optlen < 2 || optlen > x) | ||||
| break; | break; | ||||
| } | } | ||||
| switch (opt) { | switch (opt) { | ||||
| default: | default: | ||||
| break; | break; | ||||
| case TCPOPT_MAXSEG: | case TCPOPT_MAXSEG: | ||||
| if (optlen != TCPOLEN_MAXSEG) | |||||
| break; | |||||
| bits |= IP_FW_TCPOPT_MSS; | bits |= IP_FW_TCPOPT_MSS; | ||||
| if (mss != NULL) | if (mss != NULL) | ||||
| *mss = be16dec(cp + 2); | *mss = be16dec(cp + 2); | ||||
| break; | break; | ||||
| case TCPOPT_WINDOW: | case TCPOPT_WINDOW: | ||||
| if (optlen == TCPOLEN_WINDOW) | |||||
| bits |= IP_FW_TCPOPT_WINDOW; | bits |= IP_FW_TCPOPT_WINDOW; | ||||
| break; | break; | ||||
| case TCPOPT_SACK_PERMITTED: | case TCPOPT_SACK_PERMITTED: | ||||
| if (optlen == TCPOLEN_SACK_PERMITTED) | |||||
| bits |= IP_FW_TCPOPT_SACK; | |||||
| break; | |||||
| case TCPOPT_SACK: | case TCPOPT_SACK: | ||||
| if (optlen > 2 && (optlen - 2) % TCPOLEN_SACK == 0) | |||||
| bits |= IP_FW_TCPOPT_SACK; | bits |= IP_FW_TCPOPT_SACK; | ||||
| break; | break; | ||||
| case TCPOPT_TIMESTAMP: | case TCPOPT_TIMESTAMP: | ||||
| if (optlen == TCPOLEN_TIMESTAMP) | |||||
| bits |= IP_FW_TCPOPT_TS; | bits |= IP_FW_TCPOPT_TS; | ||||
| break; | break; | ||||
| } | } | ||||
| } | } | ||||
| return (bits); | return (bits); | ||||
| } | } | ||||
| static int | static int | ||||
| tcpopts_match(struct tcphdr *tcp, ipfw_insn *cmd) | tcpopts_match(struct tcphdr *tcp, ipfw_insn *cmd) | ||||
| ▲ Show 20 Lines • Show All 3,158 Lines • Show Last 20 Lines | |||||
Would help if we add a comment suggesting that the parsing logic mimics one from tcp_dooptions().