cvs commit: src/sys/contrib/ipfilter/netinet
YONETANI Tomokazu
qhwt+dfly at les.ath.cx
Fri Sep 24 19:56:44 PDT 2004
On Sat, Aug 28, 2004 at 12:27:02AM -0700, Matthew Dillon wrote:
> dillon 2004/08/28 00:27:02 PDT
>
> DragonFly src repository
>
> Modified files:
> sys/contrib/ipfilter/netinet ip_state.c
> Log:
> TCPS_CLOSED is no longer 0 in DragonFly. Because ipfilter was assuming
> that TCPS_CLOSED was 0, the tcp keep state table was never properly
> initialized and ipfilter considered most tcp packets to be bad. Change
> ip_state.c to properly initialize the starting state for new tcp keep
> state entries.
>
> Problems reported by: Tomaž Borštnar <tomaz.borstnar at xxxxxxxx>,
> Bernhard Valenti <bernhard.valenti at xxxxxxx>,
> Peter Kadau <peter.kadau at xxxxxxxxxxxxxxxx>
>
> Revision Changes Path
> 1.8 +4 -1 src/sys/contrib/ipfilter/netinet/ip_state.c
Without the following modification, my DragonFly nat box closes TCP
connections every ten minutes. I'm not 100% sure how the new TCP
state TCPS_TERMINATING should be handled inside ipfilter code, though.
Index: contrib/ipfilter/netinet/ip_nat.c
===================================================================
RCS file: /home/source/dragonfly/cvs/src/sys/contrib/ipfilter/netinet/ip_nat.c,v
retrieving revision 1.7
diff -u -r1.7 ip_nat.c
--- contrib/ipfilter/netinet/ip_nat.c 28 Jul 2004 00:22:37 -0000 1.7
+++ contrib/ipfilter/netinet/ip_nat.c 25 Sep 2004 02:18:31 -0000
@@ -1202,6 +1202,8 @@
}
bzero((char *)nat, sizeof(*nat));
+ nat->nat_tcpstate[0] = TCPS_CLOSED;
+ nat->nat_tcpstate[1] = TCPS_CLOSED;
nat->nat_flags = flags;
if (flags & FI_WILDP)
nat_stats.ns_wilds++;
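Review bot: The two nat_tcpstate assignments right after the bzero() carry no comment saying why they are needed, and in contrib code that makes them easy to lose on the next vendor import. A short comment above them, noting that TCPS_CLOSED is no longer 0 in DragonFly so bzero() alone does not leave the entry in the closed state, would keep the reason next to the code. It matches the cause given in the quoted commit log for ip_state.c. Any other place that creates a nat entry by zeroing it would need the same two lines; this hunk shows only this one site.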
Index: contrib/ipfilter/netinet/ip_state.c
===================================================================
RCS file: /home/source/dragonfly/cvs/src/sys/contrib/ipfilter/netinet/ip_state.c,v
retrieving revision 1.8
diff -u -r1.8 ip_state.c
--- contrib/ipfilter/netinet/ip_state.c 28 Aug 2004 07:27:02 -0000 1.8
+++ contrib/ipfilter/netinet/ip_state.c 25 Sep 2004 02:39:58 -0000
@@ -2093,6 +2093,10 @@
newage = fr_tcptimeout; /* default 4 mins */
/* we're in 2MSL timeout now */
break;
+ default:
+ printf("fr_tcp_age: unhandled state %d %s %d\n",
+ state[0], dir == 0 ? "->" : "<-", state[1]);
+ break;
}
if (newage != 0) {
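Review bot: The new default case calls printf with no rate limit or debug gate, so every pass through this switch with an unhandled state pair writes a console line, and remote traffic that holds a connection in such a state can fill the log. I would put the message behind a debug setting or limit how often it is emitted. The case also only logs and breaks, leaving newage at whatever it was before the switch, so the timeout for the unhandled state (TCPS_TERMINATING, per the message above) is still undecided; it is worth assigning an explicit newage here or adding a real case for that state once its handling is settled.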