diff options
| author |   deraadt <deraadt@openbsd.org> | 2000-05-10 20:40:52 +0000 |
|---|---|---|
| committer | deraadt <deraadt@openbsd.org> | 2000-05-10 20:40:52 +0000 |
| commit | 027449545b38bcc23e20ddad8e3346514b5741da (patch) | |
| tree | aeba0b56ecac59eea5238d36f18d22cbbc5676e1 | |
| parent | make sure ip_timestamp is aligned correctly (diff) | |
| download | wireguard-openbsd-027449545b38bcc23e20ddad8e3346514b5741da.tar.xz wireguard-openbsd-027449545b38bcc23e20ddad8e3346514b5741da.zip | |
ipf 3.3.14, fixes an ipnat problem and ip option mishandling, which the bridge code cares about
| -rw-r--r-- | sys/netinet/fil.c | 16 | ||||
| -rw-r--r-- | sys/netinet/ip_fil.h | 4 | ||||
| -rw-r--r-- | sys/netinet/ip_nat.c | 6 | ||||
| -rw-r--r-- | sys/netinet/ipl.h | 4 |
4 files changed, 18 insertions, 12 deletions
diff --git a/sys/netinet/fil.c b/sys/netinet/fil.c index 94f201af5dc..05a4adaeea1 100644 --- a/sys/netinet/fil.c +++ b/sys/netinet/fil.c @@ -1,4 +1,4 @@ -/* $OpenBSD: fil.c,v 1.23 2000/05/01 06:16:47 kjell Exp $ */ +/* $OpenBSD: fil.c,v 1.24 2000/05/10 20:40:52 deraadt Exp $ */ /* * Copyright (C) 1993-1998 by Darren Reed. @@ -284,13 +284,19 @@ getports: } - for (s = (u_char *)(ip + 1), hlen -= (int)sizeof(*ip); hlen; ) { + for (s = (u_char *)(ip + 1), hlen -= (int)sizeof(*ip); hlen > 0; ) { opt = *s; if (opt == '\0') break; - ol = (opt == IPOPT_NOP) ? 1 : (int)*(s+1); - if (opt > 1 && (ol < 2 || ol > hlen)) - break; + else if (opt == IPOPT_NOP) + ol = 1; + else { + if (hlen < 2) + break; + ol = (int)*(s + 1); + if (ol < 2 || ol > hlen) + break; + } for (i = 9, mv = 4; mv >= 0; ) { op = ipopts + i; if (opt == (u_char)op->ol_val) { diff --git a/sys/netinet/ip_fil.h b/sys/netinet/ip_fil.h index 9a0dcd92207..e930e6783c1 100644 --- a/sys/netinet/ip_fil.h +++ b/sys/netinet/ip_fil.h @@ -1,4 +1,4 @@ -/* $OpenBSD: ip_fil.h,v 1.18 2000/04/05 05:35:27 kjell Exp $ */ +/* $OpenBSD: ip_fil.h,v 1.19 2000/05/10 20:40:53 deraadt Exp $ */ /* * Copyright (C) 1993-1998 by Darren Reed. @@ -316,7 +316,7 @@ typedef struct friostat { char f_running; /* 1 if running, else 0 */ char f_logging; /* 1 if enabled, else 0 */ #if !SOLARIS && defined(sun) - char f_version[25]; /* version string */ + char f_version[17]; /* version string */ #else char f_version[32]; /* version string */ #endif diff --git a/sys/netinet/ip_nat.c b/sys/netinet/ip_nat.c index b27953a2f7f..b62baa9691e 100644 --- a/sys/netinet/ip_nat.c +++ b/sys/netinet/ip_nat.c @@ -1,4 +1,4 @@ -/* $OpenBSD: ip_nat.c,v 1.30 2000/05/01 06:16:47 kjell Exp $ */ +/* $OpenBSD: ip_nat.c,v 1.31 2000/05/10 20:40:53 deraadt Exp $ */ /* * Copyright (C) 1995-1998 by Darren Reed. @@ -800,7 +800,7 @@ int direction; port += MAPBLK_MINPORT; port = htons(port); } - } else if (!in.s_addr && + } else if (!np->in_nip && (np->in_outmsk == 0xffffffff)) { /* * 0/32 - use the interface's IP address. @@ -811,7 +811,7 @@ int direction; return NULL; } in.s_addr = ntohl(in.s_addr); - } else if (!in.s_addr && !np->in_outmsk) { + } else if (!np->in_nip && !np->in_outmsk) { /* * 0/0 - use the original source address/port. */ diff --git a/sys/netinet/ipl.h b/sys/netinet/ipl.h index 4cd719e11d5..64458d225e9 100644 --- a/sys/netinet/ipl.h +++ b/sys/netinet/ipl.h @@ -1,4 +1,4 @@ -/* $OpenBSD: ipl.h,v 1.9 2000/05/01 06:16:47 kjell Exp $ */ +/* $OpenBSD: ipl.h,v 1.10 2000/05/10 20:40:53 deraadt Exp $ */ /* * Copyright (C) 1993-1999 by Darren Reed. @@ -13,6 +13,6 @@ #ifndef __IPL_H__ #define __IPL_H__ -#define IPL_VERSION "IP Filter: v3.3.13" +#define IPL_VERSION "IP Filter: v3.3.14" #endif |