cvs commit: src/sys/contrib/ipfilter/netinet

YONETANI Tomokazu qhwt+dfly at les.ath.cx
Fri Sep 24 19:56:44 PDT 2004


On Sat, Aug 28, 2004 at 12:27:02AM -0700, Matthew Dillon wrote:
> dillon      2004/08/28 00:27:02 PDT
> 
> DragonFly src repository
> 
>   Modified files:
>     sys/contrib/ipfilter/netinet ip_state.c 
>   Log:
>   TCPS_CLOSED is no longer 0 in DragonFly.  Because ipfilter was assuming
>   that TCPS_CLOSED was 0, the tcp keep state table was never properly
>   initialized and ipfilter considered most tcp packets to be bad.  Change
>   ip_state.c to properly initialize the starting state for new tcp keep
>   state entries.
>   
>   Problems reported by: Tomaž Borštna <tomaz.borstnar at xxxxxxxx>,
>   			Bernhard Valenti <bernhard.valenti at xxxxxxx>,
>   			Peter Kadau <peter.kadau at xxxxxxxxxxxxxxxx>
>   
>   Revision  Changes    Path
>   1.8       +4 -1      src/sys/contrib/ipfilter/netinet/ip_state.c

Without the following modification, my DragonFly nat box closes TCP
connections every ten minutes. I'm not 100% sure how the new TCP
state TCPS_TERMINATING should be handled inside ipfilter code, though.

Index: contrib/ipfilter/netinet/ip_nat.c
===================================================================
RCS file: /home/source/dragonfly/cvs/src/sys/contrib/ipfilter/netinet/ip_nat.c,v
retrieving revision 1.7
diff -u -r1.7 ip_nat.c
--- contrib/ipfilter/netinet/ip_nat.c	28 Jul 2004 00:22:37 -0000	1.7
+++ contrib/ipfilter/netinet/ip_nat.c	25 Sep 2004 02:18:31 -0000
@@ -1202,6 +1202,8 @@
 	}
 
 	bzero((char *)nat, sizeof(*nat));
+	nat->nat_tcpstate[0] = TCPS_CLOSED;
+	nat->nat_tcpstate[1] = TCPS_CLOSED;
 	nat->nat_flags = flags;
 	if (flags & FI_WILDP)
 		nat_stats.ns_wilds++;
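
Review bot: The two nat_tcpstate assignments directly after the bzero() need a comment saying why they exist, because to a later reader they look redundant with the zeroing. The quoted commit log gives the reason: TCPS_CLOSED is no longer 0 in DragonFly, so bzero() alone leaves both directions in a state that is not "closed". A one-line comment such as /* TCPS_CLOSED != 0 on DragonFly, bzero() is not enough */ would keep a future cleanup from dropping them. Since ip_state.c received the same kind of fix in revision 1.8, it is also worth checking whether any other place that zeroes a structure carrying per-direction TCP state still relies on 0 meaning closed.
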
Index: contrib/ipfilter/netinet/ip_state.c
===================================================================
RCS file: /home/source/dragonfly/cvs/src/sys/contrib/ipfilter/netinet/ip_state.c,v
retrieving revision 1.8
diff -u -r1.8 ip_state.c
--- contrib/ipfilter/netinet/ip_state.c	28 Aug 2004 07:27:02 -0000	1.8
+++ contrib/ipfilter/netinet/ip_state.c	25 Sep 2004 02:39:58 -0000
@@ -2093,6 +2093,10 @@
 		newage = fr_tcptimeout; /* default 4 mins */
 		/* we're in 2MSL timeout now */
 		break;
+	default:
+		printf("fr_tcp_age: unhandled state %d %s %d\n",
+		    state[0], dir == 0 ? "->" : "<-", state[1]);
+		break;
 	}
 
 	if (newage != 0) {
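
Review bot: The printf in the new default case of fr_tcp_age is unconditional, so a connection sitting in an unhandled state can emit one console line per packet; it should be rate limited or placed behind a debug switch before this goes in. The case also leaves newage at whatever value it had before the switch, so whether the `if (newage != 0)` below refreshes the entry's timeout for an unhandled state is implicit. Given the open question in the message about TCPS_TERMINATING, that state deserves an explicit case with a deliberately chosen timeout rather than falling through to the default.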




