sys/netpfil/ipfw/ip_fw2.c
Show First 20 Lines • Show All 324 Lines • ▼ Show 20 Lines | for (; x > 0; x -= optlen, cp += optlen) { | ||||
case IPOPT_TS: | case IPOPT_TS: | ||||
bits |= IP_FW_IPOPT_TS; | bits |= IP_FW_IPOPT_TS; | ||||
break; | break; | ||||
} | } | ||||
} | } | ||||
return (flags_match(cmd, bits)); | return (flags_match(cmd, bits)); | ||||
} | } | ||||
static int | static int | ||||
melifaro: Would help if we add a comment suggesting that the parsing logic mimics one from `tcp_dooptions… | |||||
tcpopts_parse(struct tcphdr *tcp, uint16_t *mss) | tcpopts_parse(struct tcphdr *tcp, uint16_t *mss) | ||||
melifaroUnsubmitted Done Inline ActionsSince we're talking about safeness: can we change the signature to be const struct tcphdr *tcp? melifaro: Since we're talking about safeness: can we change the signature to be `const struct tcphdr… | |||||
{ | { | ||||
u_char *cp = (u_char *)(tcp + 1); | u_char *cp = (u_char *)(tcp + 1); | ||||
int optlen, bits = 0; | int optlen, bits = 0; | ||||
int x = (tcp->th_off << 2) - sizeof(struct tcphdr); | int x = (tcp->th_off << 2) - sizeof(struct tcphdr); | ||||
melifaroUnsubmitted Done Inline ActionsWould it be possible to rename x to something more resembling the remaining byte count? For example, tcp_dooptions() uses cnt for the similar purpose. melifaro: Would it be possible to rename `x` to something more resembling the remaining byte count?
For… | |||||
for (; x > 0; x -= optlen, cp += optlen) { | for (; x > 0; x -= optlen, cp += optlen) { | ||||
int opt = cp[0]; | int opt = cp[0]; | ||||
if (opt == TCPOPT_EOL) | if (opt == TCPOPT_EOL) | ||||
break; | break; | ||||
if (opt == TCPOPT_NOP) | if (opt == TCPOPT_NOP) | ||||
optlen = 1; | optlen = 1; | ||||
else { | else { | ||||
if (x < 2) | |||||
break; | |||||
optlen = cp[1]; | optlen = cp[1]; | ||||
if (optlen <= 0) | if (optlen < 2 || optlen > x) | ||||
break; | break; | ||||
} | } | ||||
switch (opt) { | switch (opt) { | ||||
default: | default: | ||||
break; | break; | ||||
case TCPOPT_MAXSEG: | case TCPOPT_MAXSEG: | ||||
if (optlen != TCPOLEN_MAXSEG) | |||||
break; | |||||
bits |= IP_FW_TCPOPT_MSS; | bits |= IP_FW_TCPOPT_MSS; | ||||
if (mss != NULL) | if (mss != NULL) | ||||
*mss = be16dec(cp + 2); | *mss = be16dec(cp + 2); | ||||
break; | break; | ||||
case TCPOPT_WINDOW: | case TCPOPT_WINDOW: | ||||
if (optlen == TCPOLEN_WINDOW) | |||||
bits |= IP_FW_TCPOPT_WINDOW; | bits |= IP_FW_TCPOPT_WINDOW; | ||||
break; | break; | ||||
case TCPOPT_SACK_PERMITTED: | case TCPOPT_SACK_PERMITTED: | ||||
if (optlen == TCPOLEN_SACK_PERMITTED) | |||||
bits |= IP_FW_TCPOPT_SACK; | |||||
break; | |||||
case TCPOPT_SACK: | case TCPOPT_SACK: | ||||
if (optlen > 2 && (optlen - 2) % TCPOLEN_SACK == 0) | |||||
bits |= IP_FW_TCPOPT_SACK; | bits |= IP_FW_TCPOPT_SACK; | ||||
break; | break; | ||||
case TCPOPT_TIMESTAMP: | case TCPOPT_TIMESTAMP: | ||||
if (optlen == TCPOLEN_TIMESTAMP) | |||||
bits |= IP_FW_TCPOPT_TS; | bits |= IP_FW_TCPOPT_TS; | ||||
break; | break; | ||||
} | } | ||||
} | } | ||||
return (bits); | return (bits); | ||||
} | } | ||||
static int | static int | ||||
tcpopts_match(struct tcphdr *tcp, ipfw_insn *cmd) | tcpopts_match(struct tcphdr *tcp, ipfw_insn *cmd) | ||||
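Review bot: The added `optlen > x` check in `tcpopts_parse` bounds each option against `x`, but `x` is still derived from the packet's own `th_off` as `(tcp->th_off << 2) - sizeof(struct tcphdr)`, where the `sizeof` operand makes the subtraction unsigned. For a header with `th_off` below 5 the result wraps, and it only ends up non-positive through the narrowing conversion back to `int`. Writing `int x = (int)(tcp->th_off << 2) - (int)sizeof(struct tcphdr);` keeps the arithmetic signed, so the `x > 0` loop guard rejects such a header by construction. Nothing visible in this function confirms that `th_off << 2` bytes are contiguous behind `tcp`, so presumably the caller pulls them up before calling. A comment above the function such as `/* Caller must ensure (th_off << 2) bytes of the TCP header are contiguous at tcp. */` would state that precondition.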
It would help to add a comment noting that the parsing logic mimics that of tcp_dooptions().