From e5f75e8ece5d1a8d3c17bd0156082caf153d3779 Mon Sep 17 00:00:00 2001
From: Roland McGrath <roland@gnu.org>
Date: Sat, 5 Feb 2000 12:21:17 +0000
Subject: Import of Linux 2.2.14 subset (ipv4 stack and related)

---
 pfinet/linux-src/net/ipv4/ip_fw.c | 13 +++++++++++--
 1 file changed, 11 insertions(+), 2 deletions(-)

(limited to 'pfinet/linux-src/net/ipv4/ip_fw.c')

diff --git a/pfinet/linux-src/net/ipv4/ip_fw.c b/pfinet/linux-src/net/ipv4/ip_fw.c
index 6319b89e..400f46c0 100644
--- a/pfinet/linux-src/net/ipv4/ip_fw.c
+++ b/pfinet/linux-src/net/ipv4/ip_fw.c
@@ -40,11 +40,12 @@
  * 23-Jul-1999: Fixed small fragment security exposure opened on 15-May-1998.
  *              John McDonald <jm@dataprotect.com>
  *              Thomas Lopatic <tl@dataprotect.com>
+ * 21-Oct-1999: Applied count fix by Emanuele Caratti <wiz@iol.it> --RR
  */
 
 /*
  *
- * The origina Linux port was done Alan Cox, with changes/fixes from
+ * The original Linux port was done Alan Cox, with changes/fixes from
  * Pauline Middlelink, Jos Vos, Thomas Quinot, Wouter Gadeyne, Juan
  * Jose Ciarlante, Bernd Eckenfels, Keith Owens and others.
  * 
@@ -86,6 +87,7 @@
 #include <net/udp.h>
 #include <net/sock.h>
 #include <net/icmp.h>
+#include <net/ip_masq.h>
 #include <linux/netlink.h>
 #include <linux/init.h>
 #include <linux/firewall.h>
@@ -228,6 +230,7 @@ struct ip_reent
 {
 	struct ip_chain *prevchain;	/* Pointer to referencing chain */
 	struct ip_fwkernel *prevrule;	/* Pointer to referencing rule */
+	unsigned int count;
 	struct ip_counters counters;
 };
 
@@ -488,7 +491,10 @@ static int find_special(ip_chainlabel label, int *answer)
                 static int enabled = 0;
 
                 if(!enabled)
+                {
+                	enabled=1;
                         sysctl_ip_always_defrag++;
+                }
 		*answer = FW_REDIRECT;
 		return 1;
 #endif
@@ -729,8 +735,8 @@ ip_fw_check(struct iphdr *ip,
 	else FWC_HAVE_LOCK(fwc_rlocks);
 
 	f = chain->chain;
+	count = 0;
 	do {
-		count = 0;
 		for (; f; f = f->next) {
 			count++;
 			if (ip_rule_match(f,rif,ip,
@@ -768,10 +774,12 @@ ip_fw_check(struct iphdr *ip,
 				else {
 					f->branch->reent[slot].prevchain 
 						= chain;
+					f->branch->reent[slot].count = count;
 					f->branch->reent[slot].prevrule 
 						= f->next;
 					chain = f->branch;
 					f = chain->chain;
+					count = 0;
 				}
 			}
 			else if (f->simplebranch == FW_SKIP) 
@@ -790,6 +798,7 @@ ip_fw_check(struct iphdr *ip,
 			if (chain->reent[slot].prevchain) {
 				struct ip_chain *tmp = chain;
 				f = chain->reent[slot].prevrule;
+				count = chain->reent[slot].count;
 				chain = chain->reent[slot].prevchain;
 				tmp->reent[slot].prevchain = NULL;
 			}
-- 
cgit v1.2.3