author: Julian Elischer <julian@FreeBSD.org> 1998-07-06 08:29:48 +0000
committer: Julian Elischer <julian@FreeBSD.org> 1998-07-06 08:29:48 +0000
commit: 539c8db0d80f4d14bc91aa8e8d0e236f21bd9103 (patch)
tree: d91e32526689d5bd74407ad24cbd31f9c8095f82 /sys
parent: a97c61f7a2e97ab670c0bb104d90bb895de2cfaa (diff)
3 files changed, 28 insertions, 28 deletions
diff --git a/sys/netinet/ip_divert.c b/sys/netinet/ip_divert.c
index 0a78776e5e61..f5ba9057ebea 100644
--- a/sys/netinet/ip_divert.c
+++ b/sys/netinet/ip_divert.c
@@ -30,7 +30,7 @@
  * OUT OF THE USE OF THIS SOFTWARE, EVEN IF ADVISED OF THE POSSIBILITY OF
  * SUCH DAMAGE.
  *
- *	$Id: ip_divert.c,v 1.1.2.9 1998/06/12 03:02:08 julian Exp $
+ *	$Id: ip_divert.c,v 1.1.2.10 1998/07/01 01:38:34 julian Exp $
  */
 
 #include "opt_ipfw.h"
@@ -156,19 +156,19 @@ div_input(struct mbuf *m, int hlen)
 	}
 	ip = mtod(m, struct ip *);
 
-	/* Record divert port */
-#ifndef IPFW_DIVERT_RESTART
-	divsrc.sin_port = htons(ip_divert_port);
-#else
+	/* Record divert cookie */
 	divsrc.sin_port = ip_divert_cookie;
-#endif /* IPFW_DIVERT_RESTART */
+	ip_divert_cookie = 0;
 
 	/* Restore packet header fields */
 	ip->ip_len += hlen;
 	HTONS(ip->ip_len);
 	HTONS(ip->ip_off);
 
-	/* Record receive interface address, if any */
+	/*
+	 * Record receive interface address, if any 
+	 * But only for incoming packets.
+	 */
 	divsrc.sin_addr.s_addr = 0;
 	if (hlen) {
 		struct ifaddr *ifa;
@@ -194,6 +194,9 @@ div_input(struct mbuf *m, int hlen)
 			break;
 		}
 	}
+	/*
+	 * Record the incoming interface name whenever we have one.
+	 */
 	if (m->m_pkthdr.rcvif) {
 		char	name[32];
 		
@@ -226,6 +229,7 @@ div_input(struct mbuf *m, int hlen)
 		if (inp->inp_lport == htons(ip_divert_port))
 			sa = inp->inp_socket;
 	}
+	ip_divert_port = 0;
 	if (sa) {
 		if (sbappendaddr(&sa->so_rcv, (struct sockaddr *)&divsrc,
 				m, (struct mbuf *)0) == 0)
@@ -267,11 +271,7 @@ div_output(so, m, addr, control)
 
 	/* Loopback avoidance */
 	if (sin) {
-#ifndef IPFW_DIVERT_RESTART
-		ip_divert_cookie = ntohs(sin->sin_port);
-#else
 		ip_divert_cookie = sin->sin_port;
-#endif /* IPFW_DIVERT_RESTART */
 	} else {
 		ip_divert_cookie = 0;
 	}
diff --git a/sys/netinet/ip_fw.c b/sys/netinet/ip_fw.c
index 1727ff4a5552..1a05af32d78b 100644
--- a/sys/netinet/ip_fw.c
+++ b/sys/netinet/ip_fw.c
@@ -12,7 +12,7 @@
  *
  * This software is provided ``AS IS'' without any warranties of any kind.
  *
- *	$Id: ip_fw.c,v 1.51.2.14 1998/06/05 21:38:07 julian Exp $
+ *	$Id: ip_fw.c,v 1.51.2.15 1998/07/01 01:38:35 julian Exp $
  */
 
 /*
@@ -399,9 +399,10 @@ ip_fw_chk(struct ip **pip, int hlen,
 #ifdef	IPFW_DIVERT_RESTART
 	u_int16_t skipto = *cookie;
 #else
-	u_int16_t ignport = *cookie;
+	u_int16_t ignport = ntohs(*cookie);
 #endif
 
+	*cookie = 0;
 	/*
 	 * Go down the chain, looking for enlightment
 	 * #ifdef IPFW_DIVERT_RESTART
@@ -601,7 +602,7 @@ got_match:
 #ifdef IPFW_DIVERT_RESTART
 			*cookie = f->fw_number;
 #else
-			*cookie = f->fw_divert_port;
+			*cookie = htons(f->fw_divert_port);
 #endif /* IPFW_DIVERT_RESTART */
 			return(f->fw_divert_port);
 		case IP_FW_F_TEE:
diff --git a/sys/netinet/ip_input.c b/sys/netinet/ip_input.c
index eec76d4fe9d0..10f75da771aa 100644
--- a/sys/netinet/ip_input.c
+++ b/sys/netinet/ip_input.c
@@ -31,7 +31,7 @@
  * SUCH DAMAGE.
  *
  *	@(#)ip_input.c	8.2 (Berkeley) 1/4/94
- * $Id: ip_input.c,v 1.50.2.15 1998/06/05 21:38:09 julian Exp $
+ * $Id: ip_input.c,v 1.50.2.16 1998/07/01 01:38:36 julian Exp $
  *	$ANA: ip_input.c,v 1.5 1996/09/18 14:34:59 wollman Exp $
  */
 
@@ -332,18 +332,19 @@ tooshort:
 
 #ifdef COMPAT_IPFW
 	if (ip_fw_chk_ptr) {
-#ifdef IPDIVERT
 		u_short port;
 
+#ifdef IPDIVERT
 		port = (*ip_fw_chk_ptr)(&ip, hlen, NULL, &ip_divert_cookie, &m);
 		if (port) {			/* Divert packet */
 			frag_divert_port = port;
 			goto ours;
 		}
 #else
-		u_int16_t	dummy	= 0;
 		/* If ipfw says divert, we have to just drop packet */
-		if ((*ip_fw_chk_ptr)(&ip, hlen, NULL, &dummy, &m)) {
+		/* use port as a dummy argument */
+		port = 0;
+		if ((*ip_fw_chk_ptr)(&ip, hlen, NULL, &port, &m)) {
 			m_freem(m);
 			m = NULL;
 		}
@@ -552,6 +553,8 @@ found:
 #ifdef IPDIVERT
 	/*
 	 * Divert reassembled packets to the divert protocol if required
+	 * If divert port is null then cookie should be too,
+	 * so we shouldn't need to clear them here. Assume ip_divert does so.
 	 */
 	if (frag_divert_port) {
 		ipstat.ips_delivered++;
@@ -566,12 +569,6 @@ found:
 		ipstat.ips_noproto++;
 		goto bad;
 	}
-
-	/* Don't let packets divert themselves */
-	if (ip->ip_p == IPPROTO_DIVERT) {
-		ipstat.ips_noproto++;
-		goto bad;
-	}
 #endif
 
 	/*
@@ -704,12 +701,10 @@ insert:
 	/*
 	 * Any fragment diverting causes the whole packet to divert
 	 */
-	if (frag_divert_port != 0) {
-		fp->ipq_divert = frag_divert_port;
+	fp->ipq_divert = frag_divert_port;
 #ifdef IPFW_DIVERT_RESTART
-		fp->ipq_div_cookie = ip_divert_cookie;
+	fp->ipq_div_cookie = ip_divert_cookie;
 #endif /* IPFW_DIVERT_RESTART */
-	}
 	frag_divert_port = 0;
 	ip_divert_cookie = 0;
 #endif
@@ -790,6 +785,10 @@ insert:
 	return ((struct ip *)ip);
 
 dropfrag:
+#ifdef IPDIVERT
+	frag_divert_port = 0;
+	ip_divert_cookie = 0;
+#endif
 	ipstat.ips_fragdropped++;
 	m_freem(m);
 	return (0);
author	Julian Elischer <julian@FreeBSD.org>	1998-07-06 08:29:48 +0000
committer	Julian Elischer <julian@FreeBSD.org>	1998-07-06 08:29:48 +0000
commit	539c8db0d80f4d14bc91aa8e8d0e236f21bd9103 (patch)
tree	d91e32526689d5bd74407ad24cbd31f9c8095f82 /sys
parent	a97c61f7a2e97ab670c0bb104d90bb895de2cfaa (diff)