Diffstat (limited to 'pfinet/linux-src/net/ipv4')
-rw-r--r--pfinet/linux-src/net/ipv4/Config.in3
-rw-r--r--pfinet/linux-src/net/ipv4/icmp.c19
-rw-r--r--pfinet/linux-src/net/ipv4/ip_fw.c9
-rw-r--r--pfinet/linux-src/net/ipv4/ip_input.c16
-rw-r--r--pfinet/linux-src/net/ipv4/ip_masq.c6
-rw-r--r--pfinet/linux-src/net/ipv4/ip_masq_autofw.c4
-rw-r--r--pfinet/linux-src/net/ipv4/ip_masq_mfw.c5
-rw-r--r--pfinet/linux-src/net/ipv4/ip_masq_portfw.c9
-rw-r--r--pfinet/linux-src/net/ipv4/ip_masq_user.c2
-rw-r--r--pfinet/linux-src/net/ipv4/ip_output.c4
-rw-r--r--pfinet/linux-src/net/ipv4/route.c4
-rw-r--r--pfinet/linux-src/net/ipv4/sysctl_net_ipv4.c7
-rw-r--r--pfinet/linux-src/net/ipv4/tcp_ipv4.c5
13 files changed, 51 insertions, 42 deletions
diff --git a/pfinet/linux-src/net/ipv4/Config.in b/pfinet/linux-src/net/ipv4/Config.in
index 29786da5..8982bc1e 100644
--- a/pfinet/linux-src/net/ipv4/Config.in
+++ b/pfinet/linux-src/net/ipv4/Config.in
@@ -31,14 +31,12 @@ if [ "$CONFIG_FIREWALL" = "y" ]; then
define_bool CONFIG_NETLINK_DEV y
fi
fi
- bool 'IP: always defragment (required for masquerading)' CONFIG_IP_ALWAYS_DEFRAG
if [ "$CONFIG_IP_MULTIPLE_TABLES" = "y" ]; then
bool 'IP: use FWMARK value as routing key' CONFIG_IP_ROUTE_FWMARK
fi
fi
fi
if [ "$CONFIG_IP_FIREWALL" = "y" ]; then
- if [ "$CONFIG_IP_ALWAYS_DEFRAG" != "n" ]; then
bool 'IP: transparent proxy support' CONFIG_IP_TRANSPARENT_PROXY
bool 'IP: masquerading' CONFIG_IP_MASQUERADE
if [ "$CONFIG_IP_MASQUERADE" != "n" ]; then
@@ -54,7 +52,6 @@ if [ "$CONFIG_IP_FIREWALL" = "y" ]; then
fi
fi
fi
- fi
fi
bool 'IP: optimize as router not host' CONFIG_IP_ROUTER
tristate 'IP: tunneling' CONFIG_NET_IPIP
diff --git a/pfinet/linux-src/net/ipv4/icmp.c b/pfinet/linux-src/net/ipv4/icmp.c
index 34b48a93..78c54be8 100644
--- a/pfinet/linux-src/net/ipv4/icmp.c
+++ b/pfinet/linux-src/net/ipv4/icmp.c
@@ -3,7 +3,7 @@
*
* Alan Cox, <alan@redhat.com>
*
- * Version: $Id: icmp.c,v 1.52.2.2 1999/06/20 21:27:39 davem Exp $
+ * Version: $Id: icmp.c,v 1.52.2.3 1999/09/22 16:33:02 davem Exp $
*
* This program is free software; you can redistribute it and/or
* modify it under the terms of the GNU General Public License
@@ -320,6 +320,8 @@ int sysctl_icmp_echo_ignore_broadcasts = 0;
/* Control parameter - ignore bogus broadcast responses? */
int sysctl_icmp_ignore_bogus_error_responses =0;
+extern int sysctl_ip_always_defrag;
+
/*
* ICMP control array. This specifies what to do with each ICMP.
*/
@@ -537,10 +539,9 @@ void icmp_send(struct sk_buff *skb_in, int type, int code, unsigned long info)
* Now check at the protocol level
*/
if (!rt) {
-#ifndef CONFIG_IP_ALWAYS_DEFRAG
- if (net_ratelimit())
+ if (sysctl_ip_always_defrag == 0 &&
+ net_ratelimit())
printk(KERN_DEBUG "icmp_send: destinationless packet\n");
-#endif
return;
}
if (rt->rt_flags&(RTCF_BROADCAST|RTCF_MULTICAST))
@@ -698,7 +699,7 @@ static void icmp_unreach(struct icmphdr *icmph, struct sk_buff *skb, int len)
break;
case ICMP_FRAG_NEEDED:
if (ipv4_config.no_pmtu_disc) {
- if (net_ratelimit())
+ if (sysctl_ip_always_defrag == 0 && net_ratelimit())
printk(KERN_INFO "ICMP: %d.%d.%d.%d: fragmentation needed and DF set.\n",
NIPQUAD(iph->daddr));
} else {
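Review bot: The added `sysctl_ip_always_defrag == 0 &&` in the ICMP_FRAG_NEEDED branch gates a message that was not conditional on CONFIG_IP_ALWAYS_DEFRAG before, so it now disappears whenever the value is nonzero. The same applies to the ICMP_SR_FAILED hunk and to the "Wrong address mask" message in icmp_address_reply; only the icmp_send message sat under the old `#ifndef`. Other hunks in this commit raise the value when masquerading or REDIRECT rules are in use, so those hosts would lose the source-route and bogus-mask log entries that help spot forged ICMP. I would keep plain `if (net_ratelimit())` at these three sites. icmp_unreach starts and ends outside the hunk.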
@@ -710,7 +711,7 @@ static void icmp_unreach(struct icmphdr *icmph, struct sk_buff *skb, int len)
}
break;
case ICMP_SR_FAILED:
- if (net_ratelimit())
+ if (sysctl_ip_always_defrag == 0 && net_ratelimit())
printk(KERN_INFO "ICMP: %d.%d.%d.%d: Source Route Failed.\n", NIPQUAD(iph->daddr));
break;
default:
@@ -923,7 +924,7 @@ static void icmp_timestamp(struct icmphdr *icmph, struct sk_buff *skb, int len)
static void icmp_address(struct icmphdr *icmph, struct sk_buff *skb, int len)
{
#if 0
- if (net_ratelimit())
+ if (sysctl_ip_always_defrag == 0 && net_ratelimit())
printk(KERN_DEBUG "a guy asks for address mask. Who is it?\n");
#endif
}
@@ -953,8 +954,8 @@ static void icmp_address_reply(struct icmphdr *icmph, struct sk_buff *skb, int l
if (mask == ifa->ifa_mask && inet_ifa_match(rt->rt_src, ifa))
return;
}
- if (net_ratelimit())
- printk(KERN_INFO "Wrong address mask %08lX from %08lX/%s\n",
+ if (sysctl_ip_always_defrag == 0 && net_ratelimit())
+ printk(KERN_INFO "Wrong address mask %08X from %08X/%s\n",
ntohl(mask), ntohl(rt->rt_src), dev->name);
}
diff --git a/pfinet/linux-src/net/ipv4/ip_fw.c b/pfinet/linux-src/net/ipv4/ip_fw.c
index 99a91d53..6319b89e 100644
--- a/pfinet/linux-src/net/ipv4/ip_fw.c
+++ b/pfinet/linux-src/net/ipv4/ip_fw.c
@@ -422,7 +422,7 @@ static void dump_packet(const struct iphdr *ip,
printk("%d ",f->ipfw.fw_redirpt);
}
- printk("%s PROTO=%d %ld.%ld.%ld.%ld:%hu %ld.%ld.%ld.%ld:%hu"
+ printk("%s PROTO=%d %d.%d.%d.%d:%hu %d.%d.%d.%d:%hu"
" L=%hu S=0x%2.2hX I=%hu F=0x%4.4hX T=%hu",
ifname, ip->protocol,
(ntohl(ip->saddr)>>24)&0xFF,
@@ -484,6 +484,11 @@ static int find_special(ip_chainlabel label, int *answer)
return 1;
#ifdef CONFIG_IP_TRANSPARENT_PROXY
} else if (strcmp(label,IP_FW_LABEL_REDIRECT) == 0) {
+ extern int sysctl_ip_always_defrag;
+ static int enabled = 0;
+
+ if(!enabled)
+ sysctl_ip_always_defrag++;
*answer = FW_REDIRECT;
return 1;
#endif
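Review bot: `enabled` is never assigned in the added lines, so `if(!enabled)` is always true and every lookup of the REDIRECT label increments `sysctl_ip_always_defrag` again. If the intent is to count the feature once, the guard has to latch: `if (!enabled) { enabled = 1; sysctl_ip_always_defrag++; }`. No matching decrement is visible either, so the setting appears to stay on after the rule is removed; if that is deliberate, a comment should say so. find_special starts and ends outside the hunk.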
@@ -1537,7 +1542,7 @@ static int dump_rule(char *buffer,
len=sprintf(buffer,
"%9s " /* Chain name */
- "%08lX/%08lX->%08lX/%08lX " /* Source & Destination IPs */
+ "%08X/%08X->%08X/%08X " /* Source & Destination IPs */
"%.16s " /* Interface */
"%X %X " /* fw_flg and fw_invflg fields */
"%u " /* Protocol */
diff --git a/pfinet/linux-src/net/ipv4/ip_input.c b/pfinet/linux-src/net/ipv4/ip_input.c
index 7a3e2618..b1725fa3 100644
--- a/pfinet/linux-src/net/ipv4/ip_input.c
+++ b/pfinet/linux-src/net/ipv4/ip_input.c
@@ -154,6 +154,7 @@
struct ip_mib ip_statistics={2,IPDEFTTL,}; /* Forwarding=No, Default TTL=64 */
+int sysctl_ip_always_defrag = 0;
/*
* Handle the issuing of an ioctl() request
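Review bot: The new global has no comment, and in this commit it plays two roles: a sysctl flag and a use count that ip_masq_new() and find_special() increment. I would document it at the definition, e.g. `/* Nonzero: reassemble in ip_rcv() before the firewall sees the packet; zero: reassemble only in ip_local_deliver(). Also incremented by masquerading/REDIRECT users. */`. The declaration `extern int sysctl_ip_always_defrag;` is repeated in icmp.c, ip_fw.c, ip_masq.c and sysctl_net_ipv4.c; a single declaration in a shared header would let the compiler check it against this definition.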
@@ -170,11 +171,6 @@ int ip_ioctl(struct sock *sk, int cmd, unsigned long arg)
}
}
-
-#if defined(CONFIG_IP_TRANSPARENT_PROXY) && !defined(CONFIG_IP_ALWAYS_DEFRAG)
-#define CONFIG_IP_ALWAYS_DEFRAG 1
-#endif
-
/*
* 0 - deliver
* 1 - block
@@ -235,18 +231,17 @@ int ip_local_deliver(struct sk_buff *skb)
unsigned char hash;
int flag = 0;
-#ifndef CONFIG_IP_ALWAYS_DEFRAG
/*
* Reassemble IP fragments.
*/
- if (iph->frag_off & htons(IP_MF|IP_OFFSET)) {
+ if (sysctl_ip_always_defrag == 0 &&
+ (iph->frag_off & htons(IP_MF|IP_OFFSET))) {
skb = ip_defrag(skb);
if (!skb)
return 0;
iph = skb->nh.iph;
}
-#endif
#ifdef CONFIG_IP_MASQUERADE
/*
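Review bot: With the old `#ifdef`, exactly one of ip_rcv() and ip_local_deliver() reassembled; with a runtime value, a fragment can pass ip_rcv() while the value is 0 and reach this test after ip_masq_new() or a sysctl write has made it nonzero, and then neither path calls ip_defrag(). Whether that window is reachable depends on locking that is not visible here, so treat it as something to confirm. Testing the header unconditionally removes the question, because a packet already reassembled in ip_rcv() carries neither IP_MF nor an offset: `if (iph->frag_off & htons(IP_MF|IP_OFFSET)) {`. ip_local_deliver continues outside the hunk.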
@@ -443,16 +438,15 @@ int ip_rcv(struct sk_buff *skb, struct device *dev, struct packet_type *pt)
__skb_trim(skb, len);
}
-#ifdef CONFIG_IP_ALWAYS_DEFRAG
/* Won't send ICMP reply, since skb->dst == NULL. --RR */
- if (iph->frag_off & htons(IP_MF|IP_OFFSET)) {
+ if (sysctl_ip_always_defrag != 0 &&
+ iph->frag_off & htons(IP_MF|IP_OFFSET)) {
skb = ip_defrag(skb);
if (!skb)
return 0;
iph = skb->nh.iph;
ip_send_check(iph);
}
-#endif
#ifdef CONFIG_FIREWALL
/*
diff --git a/pfinet/linux-src/net/ipv4/ip_masq.c b/pfinet/linux-src/net/ipv4/ip_masq.c
index 0187c58d..6d0588c0 100644
--- a/pfinet/linux-src/net/ipv4/ip_masq.c
+++ b/pfinet/linux-src/net/ipv4/ip_masq.c
@@ -880,6 +880,8 @@ static __u16 get_next_mport(void)
* Be careful, it can be called from u-space
*/
+extern int sysctl_ip_always_defrag;
+
struct ip_masq * ip_masq_new(int proto, __u32 maddr, __u16 mport, __u32 saddr, __u16 sport, __u32 daddr, __u16 dport, unsigned mflags)
{
struct ip_masq *ms, *mst;
@@ -910,6 +912,7 @@ struct ip_masq * ip_masq_new(int proto, __u32 maddr, __u16 mport, __u32 saddr, _
return NULL;
}
MOD_INC_USE_COUNT;
+ sysctl_ip_always_defrag++;
memset(ms, 0, sizeof(*ms));
INIT_LIST_HEAD(&ms->s_list);
INIT_LIST_HEAD(&ms->m_list);
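Review bot: `sysctl_ip_always_defrag++` is paired with a decrement only on the `mport_nono` failure path in the next hunk; no decrement on the normal teardown of a masq entry is visible in this diff. If none exists elsewhere, the value only grows, so early reassembly stays on after the last entry is gone and the signed int can eventually overflow on a long-lived gateway. The increment is also a plain read-modify-write on a shared int, whereas other counters touched by this commit (`mfw->nhosts`, `mmod_nent`) are accessed through the atomic helpers; the same would be safer here if ip_masq_new() can run concurrently. ip_masq_new starts and ends outside the hunk.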
@@ -1057,6 +1060,7 @@ struct ip_masq * ip_masq_new(int proto, __u32 maddr, __u16 mport, __u32 saddr, _
mport_nono:
kfree_s(ms, sizeof(*ms));
+ sysctl_ip_always_defrag--;
MOD_DEC_USE_COUNT;
return NULL;
}
@@ -2280,7 +2284,7 @@ static int ip_msqhst_procinfo(char *buffer, char **start, off_t offset,
* nor cli() 8)
*/
- sprintf(temp,"%s %08lX:%04X %08lX:%04X %04X %08X %6d %6d %7lu",
+ sprintf(temp,"%s %08X:%04X %08X:%04X %04X %08X %6d %6d %7lu",
masq_proto_name(ms->protocol),
ntohl(ms->saddr), ntohs(ms->sport),
ntohl(ms->daddr), ntohs(ms->dport),
diff --git a/pfinet/linux-src/net/ipv4/ip_masq_autofw.c b/pfinet/linux-src/net/ipv4/ip_masq_autofw.c
index d2a1729c..30301441 100644
--- a/pfinet/linux-src/net/ipv4/ip_masq_autofw.c
+++ b/pfinet/linux-src/net/ipv4/ip_masq_autofw.c
@@ -2,7 +2,7 @@
* IP_MASQ_AUTOFW auto forwarding module
*
*
- * $Id: ip_masq_autofw.c,v 1.3 1998/08/29 23:51:10 davem Exp $
+ * $Id: ip_masq_autofw.c,v 1.3.2.1 1999/08/13 18:26:20 davem Exp $
*
* Author: Richard Lynch
*
@@ -179,13 +179,13 @@ static __inline__ int ip_autofw_add(struct ip_autofw_user * af)
{
struct ip_autofw * newaf;
newaf = kmalloc( sizeof(struct ip_autofw), GFP_KERNEL );
- init_timer(&newaf->timer);
if ( newaf == NULL )
{
printk("ip_autofw_add: malloc said no\n");
return( ENOMEM );
}
+ init_timer(&newaf->timer);
MOD_INC_USE_COUNT;
memcpy(newaf, af, sizeof(struct ip_autofw_user));
diff --git a/pfinet/linux-src/net/ipv4/ip_masq_mfw.c b/pfinet/linux-src/net/ipv4/ip_masq_mfw.c
index 60c77970..d28f610a 100644
--- a/pfinet/linux-src/net/ipv4/ip_masq_mfw.c
+++ b/pfinet/linux-src/net/ipv4/ip_masq_mfw.c
@@ -3,7 +3,7 @@
*
* Does (reverse-masq) forwarding based on skb->fwmark value
*
- * $Id: ip_masq_mfw.c,v 1.3.2.1 1999/07/02 10:10:03 davem Exp $
+ * $Id: ip_masq_mfw.c,v 1.3.2.3 1999/09/22 16:33:26 davem Exp $
*
* Author: Juan Jose Ciarlante <jjciarla@raiz.uncu.edu.ar>
* based on Steven Clarke's portfw
@@ -216,6 +216,7 @@ static int mfw_delhost(struct ip_masq_mfw *mfw, struct ip_mfw_user *mu)
(!mu->rport || h->port == mu->rport)) {
/* HIT */
atomic_dec(&mfw->nhosts);
+ e = h->list.prev;
list_del(&h->list);
kfree_s(h, sizeof(*h));
MOD_DEC_USE_COUNT;
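Review bot: The reason for `e = h->list.prev;` is not evident without the enclosing loop, which lies outside the hunk; presumably the loop advances with `e = e->next`, and stepping back keeps the cursor off the node that is freed two lines later. A one-line comment would stop it being removed as dead code, e.g. `/* rewind cursor: h is freed below and the loop advances from e */`. The same applies to `entry = n->list.prev;` in ip_portfw_del in ip_masq_portfw.c.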
@@ -687,7 +688,7 @@ static struct ip_masq * mfw_in_create(const struct sk_buff *skb, const struct ip
/*
* Only open TCP tunnel if SYN+!ACK packet
*/
- if (!tph.th->syn && tph.th->ack)
+ if (!tph.th->syn || tph.th->ack)
return NULL;
case IPPROTO_UDP:
break;
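Review bot: After the corrected SYN test the TCP branch runs into `case IPPROTO_UDP:` with no `break`, which looks intentional but is unmarked. Adding `/* fall through */` immediately before `case IPPROTO_UDP:` keeps a later reader from treating it as a missing break. The switch and its TCP case label start outside the hunk.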
diff --git a/pfinet/linux-src/net/ipv4/ip_masq_portfw.c b/pfinet/linux-src/net/ipv4/ip_masq_portfw.c
index 6c697a10..c4b1ef4c 100644
--- a/pfinet/linux-src/net/ipv4/ip_masq_portfw.c
+++ b/pfinet/linux-src/net/ipv4/ip_masq_portfw.c
@@ -2,7 +2,7 @@
* IP_MASQ_PORTFW masquerading module
*
*
- * $Id: ip_masq_portfw.c,v 1.3.2.1 1999/07/02 10:10:02 davem Exp $
+ * $Id: ip_masq_portfw.c,v 1.3.2.2 1999/08/13 18:26:29 davem Exp $
*
* Author: Steven Clarke <steven.clarke@monmouth.demon.co.uk>
*
@@ -85,7 +85,8 @@ static __inline__ int ip_portfw_del(__u16 protocol, __u16 lport, __u32 laddr, __
(!laddr || n->laddr == laddr) &&
(!raddr || n->raddr == raddr) &&
(!rport || n->rport == rport)) {
- list_del(entry);
+ entry = n->list.prev;
+ list_del(&n->list);
ip_masq_mod_dec_nent(mmod_self);
kfree_s(n, sizeof(struct ip_portfw));
MOD_DEC_USE_COUNT;
@@ -422,8 +423,6 @@ static struct ip_masq * portfw_in_create(const struct sk_buff *skb, const struct
raddr, rport,
iph->saddr, portp[0],
0);
- ip_masq_listen(ms);
-
if (!ms || atomic_read(&mmod_self->mmod_nent) <= 1
/* || ip_masq_nlocks(&portfw_lock) != 1 */ )
/*
@@ -431,6 +430,8 @@ static struct ip_masq * portfw_in_create(const struct sk_buff *skb, const struct
*/
goto out;
+ ip_masq_listen(ms);
+
/*
* Entry created, lock==1.
* if pref_cnt == 0, move
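Review bot: Moving `ip_masq_listen(ms)` below the combined test avoids the call on a NULL `ms`, but it also skips the call when `ms` is valid and `mmod_nent <= 1`, which the old code did not. If the entry still needs to be put into listen state in that case, split the test: `if (!ms) goto out;`, then `ip_masq_listen(ms);`, then `if (atomic_read(&mmod_self->mmod_nent) <= 1) goto out;`. If skipping it is intended, a comment at the `goto out` should say so. portfw_in_create starts and ends outside the hunk.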
diff --git a/pfinet/linux-src/net/ipv4/ip_masq_user.c b/pfinet/linux-src/net/ipv4/ip_masq_user.c
index 51297441..f369f03d 100644
--- a/pfinet/linux-src/net/ipv4/ip_masq_user.c
+++ b/pfinet/linux-src/net/ipv4/ip_masq_user.c
@@ -2,7 +2,7 @@
* IP_MASQ_USER user space control module
*
*
- * $Id: ip_masq_user.c,v 1.1.2.1 1999/08/07 10:56:33 davem Exp $
+ * $Id: ip_masq_user.c,v 1.1.2.2 1999/08/13 18:26:33 davem Exp $
*/
#include <linux/config.h>
diff --git a/pfinet/linux-src/net/ipv4/ip_output.c b/pfinet/linux-src/net/ipv4/ip_output.c
index 44d63557..c8f416ee 100644
--- a/pfinet/linux-src/net/ipv4/ip_output.c
+++ b/pfinet/linux-src/net/ipv4/ip_output.c
@@ -5,7 +5,7 @@
*
* The Internet Protocol (IP) output module.
*
- * Version: $Id: ip_output.c,v 1.67 1999/03/25 00:43:00 davem Exp $
+ * Version: $Id: ip_output.c,v 1.67.2.1 1999/09/07 02:25:23 davem Exp $
*
* Authors: Ross Biro, <bir7@leland.Stanford.Edu>
* Fred N. van Kempen, <waltje@uWalt.NL.Mugnet.ORG>
@@ -320,7 +320,7 @@ void ip_queue_xmit(struct sk_buff *skb)
if (skb2 == NULL)
return;
if (sk)
- skb_set_owner_w(skb, sk);
+ skb_set_owner_w(skb2, sk);
skb = skb2;
iph = skb->nh.iph;
}
diff --git a/pfinet/linux-src/net/ipv4/route.c b/pfinet/linux-src/net/ipv4/route.c
index 06eb5fe5..b308995b 100644
--- a/pfinet/linux-src/net/ipv4/route.c
+++ b/pfinet/linux-src/net/ipv4/route.c
@@ -717,8 +717,8 @@ void ip_rt_redirect(u32 old_gw, u32 daddr, u32 new_gw,
reject_redirect:
#ifdef CONFIG_IP_ROUTE_VERBOSE
if (IN_DEV_LOG_MARTIANS(in_dev) && net_ratelimit())
- printk(KERN_INFO "Redirect from %lX/%s to %lX ignored."
- "Path = %lX -> %lX, tos %02x\n",
+ printk(KERN_INFO "Redirect from %X/%s to %X ignored."
+ "Path = %X -> %X, tos %02x\n",
ntohl(old_gw), dev->name, ntohl(new_gw),
ntohl(saddr), ntohl(daddr), tos);
#endif
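Review bot: The two adjacent string literals concatenate to `ignored.Path = ...` because there is no space after the full stop; `"Redirect from %X/%s to %X ignored. "` fixes the log line. Since this message records rejected redirects, printing the addresses in dotted form as icmp.c does with `NIPQUAD()` would make them easier to correlate with other log entries. ip_rt_redirect starts outside the hunk.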
diff --git a/pfinet/linux-src/net/ipv4/sysctl_net_ipv4.c b/pfinet/linux-src/net/ipv4/sysctl_net_ipv4.c
index e578e4e7..235b36d1 100644
--- a/pfinet/linux-src/net/ipv4/sysctl_net_ipv4.c
+++ b/pfinet/linux-src/net/ipv4/sysctl_net_ipv4.c
@@ -1,7 +1,7 @@
/*
* sysctl_net_ipv4.c: sysctl interface to net IPV4 subsystem.
*
- * $Id: sysctl_net_ipv4.c,v 1.38.2.1 1999/08/08 08:43:14 davem Exp $
+ * $Id: sysctl_net_ipv4.c,v 1.38.2.2 1999/09/22 16:33:30 davem Exp $
*
* Begun April 1, 1996, Mike Shaver.
* Added /proc/sys/net/ipv4 directory entry (empty =) ). [MS]
@@ -41,6 +41,9 @@ extern int sysctl_ipfrag_time;
/* From ip_output.c */
extern int sysctl_ip_dynaddr;
+/* From ip_input.c */
+extern int sysctl_ip_always_defrag;
+
/* From ip_masq.c */
extern int sysctl_ip_masq_debug;
@@ -141,6 +144,8 @@ ctl_table ipv4_table[] = {
&sysctl_ipfrag_low_thresh, sizeof(int), 0644, NULL, &proc_dointvec},
{NET_IPV4_DYNADDR, "ip_dynaddr",
&sysctl_ip_dynaddr, sizeof(int), 0644, NULL, &proc_dointvec},
+ {NET_IPV4_ALWAYS_DEFRAG, "ip_always_defrag",
+ &sysctl_ip_always_defrag, sizeof(int), 0644, NULL, &proc_dointvec},
#ifdef CONFIG_IP_MASQUERADE
{NET_IPV4_IP_MASQ_DEBUG, "ip_masq_debug",
&sysctl_ip_masq_debug, sizeof(int), 0644, NULL, &proc_dointvec},
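Review bot: The new table entry makes `sysctl_ip_always_defrag` writable (0644, proc_dointvec) while ip_masq_new() and find_special() use the same int as a use count. A write of 0 while masquerade entries exist switches off reassembly in ip_rcv(), so firewall rules would presumably be evaluated on fragments again, and a later decrement would then drive the value negative. Keeping the internal count in a separate variable (illustrative name `ip_defrag_users`) and testing `sysctl_ip_always_defrag || ip_defrag_users` in ip_rcv() would stop the administrator's setting and the automatic one from overwriting each other. The ctl_table array continues outside the hunk.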
diff --git a/pfinet/linux-src/net/ipv4/tcp_ipv4.c b/pfinet/linux-src/net/ipv4/tcp_ipv4.c
index c2c78365..904f8b5d 100644
--- a/pfinet/linux-src/net/ipv4/tcp_ipv4.c
+++ b/pfinet/linux-src/net/ipv4/tcp_ipv4.c
@@ -525,7 +525,8 @@ gotit:
static inline __u32 tcp_v4_init_sequence(struct sock *sk, struct sk_buff *skb)
{
- return secure_tcp_sequence_number(sk->saddr, sk->daddr,
+ return secure_tcp_sequence_number(skb->nh.iph->daddr,
+ skb->nh.iph->saddr,
skb->h.th->dest,
skb->h.th->source);
}
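Review bot: `sk` is now unused in tcp_v4_init_sequence and nothing records why the addresses are taken from the packet instead. A short comment would help, e.g. `/* take the address pair from the incoming segment; sk may be a listening socket whose saddr/daddr are not this connection's */`; that is my reading of the change, so confirm it against the callers. It is also worth stating that the packet's `daddr` is passed as the local address and `saddr` as the remote one, mirroring the `dest`/`source` port order on the following lines.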
@@ -1866,7 +1867,7 @@ do_rewrite:
/* Ouch!, this should not happen. */
if (!sk->saddr || !sk->rcv_saddr) {
printk(KERN_WARNING "tcp_v4_rebuild_header(): not valid sock addrs: "
- "saddr=%08lX rcv_saddr=%08lX\n",
+ "saddr=%08X rcv_saddr=%08X\n",
ntohl(sk->saddr),
ntohl(sk->rcv_saddr));
return 0;