Update of /cvsroot/netadm/gwc/pf
In directory sc8-pr-cvs1.sourceforge.net:/tmp/cvs-serv14271/pf
Modified Files:
pf.c
Log Message:
ADD: anyTCP, anyUDP, ICMP
Index: pf.c
===================================================================
RCS file: /cvsroot/netadm/gwc/pf/pf.c,v
retrieving revision 1.6
retrieving revision 1.7
diff -C2 -d -r1.6 -r1.7
*** pf.c 10 Mar 2006 16:48:49 -0000 1.6
--- pf.c 14 Mar 2006 17:17:08 -0000 1.7
***************
*** 332,336 ****
udph = (struct udphdr *) ((char *) ip + ip->ihl * 4);
! if (udph->source != n->key.sport || udph->dest != n->key.dport)
goto EXIT_ACCEPT;
--- 332,342 ----
udph = (struct udphdr *) ((char *) ip + ip->ihl * 4);
! if ( !n->key.sport && !n->key.dport )
! goto EXIT_SCHEDULE;
! else if (!n->key.sport && udph->dest == n->key.dport)
! goto EXIT_SCHEDULE;
! else if (!n->key.dport && udph->source == n->key.sport)
! goto EXIT_SCHEDULE;
! else
goto EXIT_ACCEPT;
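Review bot: The new UDP chain has no branch for a rule that sets both ports, so a packet whose source and destination both match `n->key` now reaches the final `else` and goes to EXIT_ACCEPT, where the old test let it continue into rule processing. The TCP chain in the next hunk repeats the same structure. If the zero wildcard is meant per field, one test covers all four cases: `if ((!n->key.sport || udph->source == n->key.sport) && (!n->key.dport || udph->dest == n->key.dport)) goto EXIT_SCHEDULE;` followed by `goto EXIT_ACCEPT;`. The `udph` cast on the unchanged line above is also used with no visible check that the packet is long enough for a UDP header; the switch starts outside this hunk, so that check may exist earlier.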
***************
*** 340,352 ****
tcph = (struct tcphdr *) ((__u32 *) ip + ip->ihl);
! if (tcph->source != n->key.sport || tcph->dest != n->key.dport)
goto EXIT_ACCEPT;
!
break;
case IPPROTO_ICMP:
icmph = skb_header_pointer(skb, ip->ihl * 4, sizeof (_icmph), &_icmph);
! if (icmph->type != n->key.dport)
goto EXIT_ACCEPT;
break;
--- 346,369 ----
tcph = (struct tcphdr *) ((__u32 *) ip + ip->ihl);
! if ( !n->key.sport && !n->key.dport )
! goto EXIT_SCHEDULE;
! else if (!n->key.sport && tcph->dest == n->key.dport)
! goto EXIT_SCHEDULE;
! else if (!n->key.dport && tcph->source == n->key.sport)
! goto EXIT_SCHEDULE;
! else
goto EXIT_ACCEPT;
!
break;
case IPPROTO_ICMP:
icmph = skb_header_pointer(skb, ip->ihl * 4, sizeof (_icmph), &_icmph);
!
! if ( !n->key.dport )
! goto EXIT_SCHEDULE;
! else if (icmph->type != n->key.dport)
goto EXIT_ACCEPT;
+ else
+ goto EXIT_SCHEDULE;
break;
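Review bot: In the ICMP case `icmph->type` is read without testing the result of `skb_header_pointer()`, which returns NULL when the packet is too short to contain the header, so a truncated ICMP packet that hits a rule with a non-zero `dport` would dereference NULL inside the hook. Add `if (icmph == NULL) goto EXIT_ACCEPT;` right after the call, or drop the packet there after releasing `bucket->lock` if the policy should not pass truncated packets. Using `dport == 0` as "any ICMP" also means a rule for ICMP type 0 (echo reply) can no longer be expressed, which deserves a comment or a separate wildcard flag. The `break;` after each if/else chain is unreachable now that every branch ends in a `goto`.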
***************
*** 357,360 ****
--- 374,386 ----
}
+ /* TODO: NAT */
+
+
+ EXIT_ACCEPT:
+ spin_unlock (&bucket->lock);
+ return NF_ACCEPT;
+
+ EXIT_SCHEDULE:
+
n->host.eat += skb->len;
if (n->host.rule & FC_PR_CONTROL) {
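Review bot: With EXIT_ACCEPT moved directly below the switch, any path that leaves the switch without a `goto` now falls into the label and is accepted before the `n->host.eat` accounting and the rule checks, where it previously continued into them. The switch body is outside this hunk, so whether such a path exists for other protocols cannot be confirmed here. If the fall-through is intended, say so with a comment such as `/* no rule matched: fall through to accept */` above the label. EXIT_SCHEDULE is also no longer an exit but the entry to rule processing, so a name like `RULE_MATCHED` would describe it better.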
***************
*** 364,370 ****
n->host.protocol,
n->host.daddr, n->key.dport);
! goto EXIT_SCHEDULE;
}
! }
else if (n->host.rule & FC_PR_MOD_HEADER ) {
/* TODO: */
--- 390,398 ----
n->host.protocol,
n->host.daddr, n->key.dport);
!
! spin_unlock (&bucket->lock);
! return NF_DROP;
}
! }
else if (n->host.rule & FC_PR_MOD_HEADER ) {
/* TODO: */
***************
*** 373,388 ****
n->host.protocol,
n->host.daddr, n->key.dport);
}
- /* TODO: NAT */
-
-
- EXIT_ACCEPT:
- spin_unlock (&bucket->lock);
return NF_ACCEPT;
-
- EXIT_SCHEDULE:
- spin_unlock (&bucket->lock);
/* TODO: NF_DROP -> insert_pending (skb, ...) */
- return NF_DROP;
}
--- 401,410 ----
n->host.protocol,
n->host.daddr, n->key.dport);
+
+ spin_unlock (&bucket->lock);
+ return NF_ACCEPT;
}
return NF_ACCEPT;
/* TODO: NF_DROP -> insert_pending (skb, ...) */
}
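Review bot: The final `return NF_ACCEPT;` leaves the function with `bucket->lock` still held, because the commit removes the `spin_unlock` that used to sit under EXIT_ACCEPT at the end and adds unlocks only inside the FC_PR_CONTROL drop branch and the FC_PR_MOD_HEADER branch. A matched rule with neither flag, or (judging from the previous hunk) an FC_PR_CONTROL rule whose inner condition is false, reaches this return, and the next packet hashing to the same bucket would then spin on the lock. Add `spin_unlock (&bucket->lock);` immediately before the last `return NF_ACCEPT;`, or route every return through a single unlock label so the pairing is visible in one place. The function begins outside this hunk, so this assumes the lock is taken before the switch, as the unlock under EXIT_ACCEPT suggests.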