[Netadm-devel] gwc/pf pf.c,1.6,1.7
From: linuxpark <lin...@us...> - 2006-03-14 17:17:16
Update of /cvsroot/netadm/gwc/pf In directory sc8-pr-cvs1.sourceforge.net:/tmp/cvs-serv14271/pf Modified Files: pf.c Log Message: ADD: anyTCP, anyUDP, ICMP Index: pf.c =================================================================== RCS file: /cvsroot/netadm/gwc/pf/pf.c,v retrieving revision 1.6 retrieving revision 1.7 diff -C2 -d -r1.6 -r1.7 *** pf.c 10 Mar 2006 16:48:49 -0000 1.6 --- pf.c 14 Mar 2006 17:17:08 -0000 1.7 *************** *** 332,336 **** udph = (struct udphdr *) ((char *) ip + ip->ihl * 4); ! if (udph->source != n->key.sport || udph->dest != n->key.dport) goto EXIT_ACCEPT; --- 332,342 ---- udph = (struct udphdr *) ((char *) ip + ip->ihl * 4); ! if ( !n->key.sport && !n->key.dport ) ! goto EXIT_SCHEDULE; ! else if (!n->key.sport && udph->dest == n->key.dport) ! goto EXIT_SCHEDULE; ! else if (!n->key.dport && udph->source == n->key.sport) ! goto EXIT_SCHEDULE; ! else goto EXIT_ACCEPT; *************** *** 340,352 **** tcph = (struct tcphdr *) ((__u32 *) ip + ip->ihl); ! if (tcph->source != n->key.sport || tcph->dest != n->key.dport) goto EXIT_ACCEPT; ! break; case IPPROTO_ICMP: icmph = skb_header_pointer(skb, ip->ihl * 4, sizeof (_icmph), &_icmph); ! if (icmph->type != n->key.dport) goto EXIT_ACCEPT; break; --- 346,369 ---- tcph = (struct tcphdr *) ((__u32 *) ip + ip->ihl); ! if ( !n->key.sport && !n->key.dport ) ! goto EXIT_SCHEDULE; ! else if (!n->key.sport && tcph->dest == n->key.dport) ! goto EXIT_SCHEDULE; ! else if (!n->key.dport && tcph->source == n->key.sport) ! goto EXIT_SCHEDULE; ! else goto EXIT_ACCEPT; ! break; case IPPROTO_ICMP: icmph = skb_header_pointer(skb, ip->ihl * 4, sizeof (_icmph), &_icmph); ! ! if ( !n->key.dport ) ! goto EXIT_SCHEDULE; ! 
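Review bot: A rule that sets both `sport` and `dport` can no longer match in the UDP branch. Each of the three new conditions requires at least one key port to be zero, so a packet that matches both ports falls to `else goto EXIT_ACCEPT` and skips the scheduling path that revision 1.6 reached for it. The TCP branch in the next hunk uses the same chain and has the same gap. Treating zero as a per-field wildcard covers every case in one test: `if ((n->key.sport && udph->source != n->key.sport) || (n->key.dport && udph->dest != n->key.dport)) goto EXIT_ACCEPT;` followed by `goto EXIT_SCHEDULE;`. The enclosing switch starts outside the hunk.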
else if (icmph->type != n->key.dport) goto EXIT_ACCEPT; + else + goto EXIT_SCHEDULE; break; *************** *** 357,360 **** --- 374,386 ---- } + /* TODO: NAT */ + + + EXIT_ACCEPT: + spin_unlock (&bucket->lock); + return NF_ACCEPT; + + EXIT_SCHEDULE: + n->host.eat += skb->len; if (n->host.rule & FC_PR_CONTROL) { *************** *** 364,370 **** n->host.protocol, n->host.daddr, n->key.dport); ! goto EXIT_SCHEDULE; } ! } else if (n->host.rule & FC_PR_MOD_HEADER ) { /* TODO: */ --- 390,398 ---- n->host.protocol, n->host.daddr, n->key.dport); ! ! spin_unlock (&bucket->lock); ! return NF_DROP; } ! } else if (n->host.rule & FC_PR_MOD_HEADER ) { /* TODO: */ *************** *** 373,388 **** n->host.protocol, n->host.daddr, n->key.dport); } - /* TODO: NAT */ - - - EXIT_ACCEPT: - spin_unlock (&bucket->lock); return NF_ACCEPT; - - EXIT_SCHEDULE: - spin_unlock (&bucket->lock); /* TODO: NF_DROP -> insert_pending (skb, ...) */ - return NF_DROP; } --- 401,410 ---- n->host.protocol, n->host.daddr, n->key.dport); + + spin_unlock (&bucket->lock); + return NF_ACCEPT; } return NF_ACCEPT; /* TODO: NF_DROP -> insert_pending (skb, ...) */ } |
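Review bot: In the ICMP case, `icmph->type` is read without checking the result of `skb_header_pointer()`, which returns NULL when the packet is too short to hold the header. Add `if (!icmph) goto EXIT_ACCEPT;` (or whichever verdict the policy wants for truncated packets) before the new comparison. Using `!n->key.dport` as the any-ICMP wildcard also means a rule for ICMP type 0 (echo reply) cannot be expressed, so a separate flag or sentinel value is worth considering. The `break;` statements after the TCP and ICMP chains are now unreachable, because every branch ends in a `goto`.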
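Review bot: The final `return NF_ACCEPT;` is reached with `bucket->lock` still held, because after this change the unlock lives only inside the branches that return early. As far as the visible lines show, a node whose rule has neither `FC_PR_CONTROL` nor `FC_PR_MOD_HEADER` set, or an `FC_PR_CONTROL` node whose inner condition is false, leaves the function without `spin_unlock`. In a packet hook, the next packet that hashes to the same bucket would then be expected to spin on the lock indefinitely. Put `spin_unlock (&bucket->lock);` directly before the last `return NF_ACCEPT;`, or route all exits through a single unlock-and-return label. The function starts outside the hunk, so the lock acquisition itself is not visible here.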