summaryrefslogtreecommitdiff
path: root/sys/net/pf.c
diff options
context:
space:
mode:
authorMike Frantzen <frantzen@cvs.openbsd.org>2001-08-22 00:26:11 +0000
committerMike Frantzen <frantzen@cvs.openbsd.org>2001-08-22 00:26:11 +0000
commita4cc1fd5a923af81042055a26dbd8a2f3a7b4d54 (patch)
tree5f8c7f718e20ae0b8b65651ed060f3459ad8ac69 /sys/net/pf.c
parent0b7fd41c93659085d64a93d7320fda3d1d601c56 (diff)
Fix panic in pf (was my fault) caused by a bad key compare optimization
Add debug output to track loose state matches
Diffstat (limited to 'sys/net/pf.c')
-rw-r--r--sys/net/pf.c22
1 files changed, 17 insertions, 5 deletions
diff --git a/sys/net/pf.c b/sys/net/pf.c
index db6f901a5de..9da08ea8b4e 100644
--- a/sys/net/pf.c
+++ b/sys/net/pf.c
@@ -1,4 +1,4 @@
-/* $OpenBSD: pf.c,v 1.135 2001/08/21 17:25:59 deraadt Exp $ */
+/* $OpenBSD: pf.c,v 1.136 2001/08/22 00:26:10 frantzen Exp $ */
/*
* Copyright (c) 2001 Daniel Hartmeier
@@ -210,10 +210,14 @@ pf_tree_key_compare(struct pf_tree_key *a, struct pf_tree_key *b)
*/
if ((diff = a->proto - b->proto) != 0)
return (diff);
- if ((diff = a->addr[0].s_addr - b->addr[0].s_addr) != 0)
- return (diff);
- if ((diff = a->addr[1].s_addr - b->addr[1].s_addr) != 0)
- return (diff);
+ if (a->addr[0].s_addr > b->addr[0].s_addr)
+ return 1;
+ if (a->addr[0].s_addr < b->addr[0].s_addr)
+ return -1;
+ if (a->addr[1].s_addr > b->addr[1].s_addr)
+ return 1;
+ if (a->addr[1].s_addr < b->addr[1].s_addr)
+ return -1;
if ((diff = a->port[0] - b->port[0]) != 0)
return (diff);
if ((diff = a->port[1] - b->port[1]) != 0)
@@ -2606,6 +2610,14 @@ pf_test_state_tcp(struct pf_state **state, int direction, struct ifnet *ifp,
* and keep updating the state TTL.
*/
+ if (pf_status.debug >= PF_DEBUG_MISC) {
+ printf("pf: loose state match: ");
+ pf_print_state(*state);
+ pf_print_flags(th->th_flags);
+ printf(" seq=%lu ack=%lu len=%u ackskew=%d pkts=%d\n",
+ seq, ack, len, ackskew, (*state)->packets);
+ }
+
(*state)->packets++;
(*state)->bytes += h->ip_len;