patch-1.3.26 linux/net/ipv4/ip_fw.c
- Lines: 81
- Date:
Mon Sep 11 20:16:03 1995
- Orig file:
v1.3.25/linux/net/ipv4/ip_fw.c
- Orig date:
Sat Sep 9 15:26:54 1995
diff -u --recursive --new-file v1.3.25/linux/net/ipv4/ip_fw.c linux/net/ipv4/ip_fw.c
@@ -192,7 +192,7 @@
__u32 src, dst;
__u16 src_port=0, dst_port=0, icmp_type=0;
unsigned short f_prt=0, prt;
- char notcpsyn=1, notcpack=1, frag1, match;
+ char notcpsyn=1, notcpack=1, match;
unsigned short f_flag;
unsigned short offset;
@@ -221,8 +221,6 @@
offset = ntohs(ip->frag_off) & IP_OFFSET;
- frag1 = (offset == 0);
-
/*
* Don't allow a fragment of TCP 8 bytes in. Nobody
* normal causes this. Its a cracker trying to break
@@ -231,25 +229,25 @@
*/
if (offset == 1 && ip->protocol == IPPROTO_TCP)
- return 0;
+ return FW_BLOCK;
- if (!frag1 && (opt != 1) && (ip->protocol == IPPROTO_TCP ||
+ if (offset!=0 && (opt != 1) && (ip->protocol == IPPROTO_TCP ||
ip->protocol == IPPROTO_UDP))
- return(1);
+ return FW_ACCEPT;
/*
* Header fragment for TCP is too small to check the bits.
*/
if(ip->protocol==IPPROTO_TCP && (ip->ihl<<2)+16 > ntohs(ip->tot_len))
- return 0;
+ return FW_BLOCK;
/*
* Too short.
*/
else if(ntohs(ip->tot_len)<8+(ip->ihl<<2))
- return 0;
+ return FW_BLOCK;
src = ip->saddr;
dst = ip->daddr;
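Review bot: The early `return FW_ACCEPT` on the `offset!=0` test has no comment, although it lets every non-first TCP or UDP fragment through without consulting the rule chain whenever `opt != 1`. A comment above it should state the assumption this presumably relies on, for example `/* Non-first fragments carry no ports; accept them and rely on the first fragment being filtered, since the datagram cannot be reassembled without it. */`. The meaning of `opt` is not visible in this hunk, so the comment should also say what `opt == 1` selects. The function body begins and ends outside the hunk.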
@@ -268,7 +266,7 @@
case IPPROTO_TCP:
dprintf1("TCP ");
/* ports stay 0 if it is not the first fragment */
- if (frag1) {
+ if (offset!=0) {
src_port=ntohs(tcp->source);
dst_port=ntohs(tcp->dest);
if(tcp->ack)
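Review bot: The new test `if (offset!=0)` is the inverse of the `if (frag1)` it replaces, because the removed assignment was `frag1 = (offset == 0)`, and the comment directly above still says ports stay 0 when the packet is not the first fragment. As written, first and unfragmented TCP packets keep `src_port` and `dst_port` at 0, so port-based rules would presumably not match them as intended, while any later fragment that reaches this point has payload bytes read as a TCP header. The line should read `if (offset==0) {`. The UDP hunk at -283 has the same inversion and needs the same change. The switch this case belongs to starts and ends outside the hunk.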
@@ -283,7 +281,7 @@
case IPPROTO_UDP:
dprintf1("UDP ");
/* ports stay 0 if it is not the first fragment */
- if (frag1) {
+ if (offset!=0) {
src_port=ntohs(udp->source);
dst_port=ntohs(udp->dest);
}
@@ -478,10 +476,10 @@
else
f_flag=policy;
if(f_flag&IP_FW_F_ACCEPT)
- return ((f_flag&IP_FW_F_MASQ)?2:1);
+ return ((f_flag&IP_FW_F_MASQ)?FW_MASQUERADE:FW_ACCEPT);
if(f_flag&IP_FW_F_ICMPRPL)
- return -1;
- return 0;
+ return FW_REJECT;
+ return FW_BLOCK;
}
#ifdef CONFIG_IP_MASQUERADE