authorNiels Provos <provos@cvs.openbsd.org>2001-08-01 23:07:37 +0000
committerNiels Provos <provos@cvs.openbsd.org>2001-08-01 23:07:37 +0000
commit303a1a630d3f99e0a1c4cd6840818f4f6af7f984 (patch)
treebbf73b0a5ae38bd25cd877499184386c38061bca /sys/net/pf.c
parent5e71be6b58dcee1cc6afa33ae5cdea487cf6b5fc (diff)
stateless tcp normalization along the lines of the normalization paper by
handley, paxson and kreibich; okay deraadt@
Diffstat (limited to 'sys/net/pf.c')
-rw-r--r--sys/net/pf.c9
1 files changed, 6 insertions, 3 deletions
diff --git a/sys/net/pf.c b/sys/net/pf.c
index 90757da31ae..be4fa7cc86f 100644
--- a/sys/net/pf.c
+++ b/sys/net/pf.c
@@ -1,4 +1,4 @@
-/* $OpenBSD: pf.c,v 1.121 2001/07/30 23:00:37 deraadt Exp $ */
+/* $OpenBSD: pf.c,v 1.122 2001/08/01 23:07:36 provos Exp $ */
/*
* Copyright (c) 2001, Daniel Hartmeier
@@ -145,8 +145,6 @@ void pf_change_icmp(u_int32_t *, u_int16_t *, u_int32_t *,
u_int16_t *, u_int16_t *);
void pf_send_reset(struct ip *, int, struct tcphdr *);
void pf_send_icmp(struct mbuf *, u_int8_t, u_int8_t);
-int pf_match_port(u_int8_t, u_int16_t, u_int16_t,
- u_int16_t);
u_int16_t pf_map_port_range(struct pf_rdr *, u_int16_t);
struct pf_nat *pf_get_nat(struct ifnet *, u_int8_t, u_int32_t,
u_int32_t);
@@ -178,6 +176,8 @@ int pf_get_sport(u_int8_t, u_int16_t, u_int16_t,
void pf_put_sport(u_int8_t, u_int16_t);
int pf_add_sport(struct pf_port_list *, u_int16_t);
int pf_chk_sport(struct pf_port_list *, u_int16_t);
+int pf_normalize_tcp(int, struct ifnet *, struct mbuf *,
+ int, int, struct ip *, struct tcphdr *);
#if NPFLOG > 0
#define PFLOG_PACKET(x,a,b,c,d,e) \
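Review bot: The new `pf_normalize_tcp` prototype is declared locally in pf.c, but no definition appears in this diff, which is limited to sys/net/pf.c, so the function presumably lives in another translation unit. If so, the declaration belongs in a header that both files include, so that the compiler checks the definition against it. A private copy in the caller can drift without any diagnostic, and the two adjacent `int, int` parameters are easy to transpose. A short comment such as `/* dir, ifp, m, ipoff, off, ip header, tcp header; returns PF_PASS or PF_DROP */` would also document the contract; the names in it are taken from the call site and should be confirmed against the definition.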
@@ -2599,6 +2599,9 @@ pf_test(int dir, struct ifnet *ifp, struct mbuf **m0)
log = action != PF_PASS;
goto done;
}
+ action = pf_normalize_tcp(dir, ifp, m, 0, off, h, &th);
+ if (action == PF_DROP)
+ break;
action = pf_test_state_tcp(&s, dir, ifp, m, 0, off, h , &th);
if (action == PF_PASS) {
r = s->rule;
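Review bot: When `pf_normalize_tcp()` returns `PF_DROP`, the added `break` leaves the case without touching `log`, whereas the early exit just above sets `log = action != PF_PASS;` before `goto done;`. Unless the normalizer logs on its own (its body is not in this diff), packets rejected for abnormal TCP headers would be discarded with no pflog record, and these are the events an operator most needs to see when diagnosing evasion attempts or false drops. Consider `if (action == PF_DROP) { log = 1; break; }`, provided the logging code after the switch tolerates `r` being unset. Otherwise add a comment such as `/* pf_normalize_tcp() logs its own drops */` if that is the case. `pf_test` starts and ends outside the hunk, so the handling after the switch is not visible here.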