cvs commit: src/sys/contrib/ipfilter/netinet

Matthew Dillon dillon at apollo.backplane.com
Fri Sep 24 20:44:22 PDT 2004


:>   TCPS_CLOSED is no longer 0 in DragonFly.  Because ipfilter was assuming
:...
:
:Without the following modification, my DragonFly nat box closes TCP
:connections every ten minutes. I'm not 100% sure how the new TCP
:state TCPS_TERMINATING should be handled inside ipfilter code, though.

    Ok, I fixed ip_nat as per your patch.

    The ipfilter should never see the TCPS_TERMINATING state since it
    only applies to wildcard sockets (listen()) being closed.

					-Matt
					Matthew Dillon 
					<dillon at xxxxxxxxxxxxx>
:
:Index: contrib/ipfilter/netinet/ip_nat.c
:===================================================================
:RCS file: /home/source/dragonfly/cvs/src/sys/contrib/ipfilter/netinet/ip_nat.c,v
:retrieving revision 1.7
:diff -u -r1.7 ip_nat.c
:--- contrib/ipfilter/netinet/ip_nat.c	28 Jul 2004 00:22:37 -0000	1.7
:+++ contrib/ipfilter/netinet/ip_nat.c	25 Sep 2004 02:18:31 -0000
:@@ -1202,6 +1202,8 @@
: 	}
: 
: 	bzero((char *)nat, sizeof(*nat));
:+	nat->nat_tcpstate[0] = TCPS_CLOSED;
:+	nat->nat_tcpstate[1] = TCPS_CLOSED;
: 	nat->nat_flags = flags;
: 	if (flags & FI_WILDP)
: 		nat_stats.ns_wilds++;
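Review bot: the two nat_tcpstate assignments directly after the bzero() have no comment explaining why zeroing is not sufficient. A short comment that TCPS_CLOSED is no longer 0, so bzero() alone leaves both directions in a state other than closed, would stop a later cleanup from removing them as redundant. It is also worth checking whether any other code zeroes a structure holding TCP state and relies on that meaning closed.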
:Index: contrib/ipfilter/netinet/ip_state.c
:===================================================================
:RCS file: /home/source/dragonfly/cvs/src/sys/contrib/ipfilter/netinet/ip_state.c,v
:retrieving revision 1.8
:diff -u -r1.8 ip_state.c
:--- contrib/ipfilter/netinet/ip_state.c	28 Aug 2004 07:27:02 -0000	1.8
:+++ contrib/ipfilter/netinet/ip_state.c	25 Sep 2004 02:39:58 -0000
:@@ -2093,6 +2093,10 @@
: 		newage = fr_tcptimeout; /* default 4 mins */
: 		/* we're in 2MSL timeout now */
: 		break;
:+	default:
:+		printf("fr_tcp_age: unhandled state %d %s %d\n",
:+		    state[0], dir == 0 ? "->" : "<-", state[1]);
:+		break;
: 	}
: 
: 	if (newage != 0) {
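Review bot: the printf in the new default: case is unconditional, so if the unhandled state is reached repeatedly (the message names fr_tcp_age as the caller context), every occurrence writes a console/log line and traffic can drive a log flood. Consider rate-limiting it or placing it behind a debug option. Separately, default: only breaks, so newage keeps whatever value it had before the switch and the `if (newage != 0)` below decides whether the timeout changes; a comment saying that this is intended would help.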
:





