diff options
author | Mike Frantzen <frantzen@cvs.openbsd.org> | 2001-08-22 00:26:11 +0000 |
---|---|---|
committer | Mike Frantzen <frantzen@cvs.openbsd.org> | 2001-08-22 00:26:11 +0000 |
commit | a4cc1fd5a923af81042055a26dbd8a2f3a7b4d54 (patch) | |
tree | 5f8c7f718e20ae0b8b65651ed060f3459ad8ac69 /sys/net/pf.c | |
parent | 0b7fd41c93659085d64a93d7320fda3d1d601c56 (diff) |
Fix panic in pf (was my fault) caused by a bad key compare optimization
Add debug output to track loose state matches
Diffstat (limited to 'sys/net/pf.c')
-rw-r--r-- | sys/net/pf.c | 22 |
1 files changed, 17 insertions, 5 deletions
diff --git a/sys/net/pf.c b/sys/net/pf.c index db6f901a5de..9da08ea8b4e 100644 --- a/sys/net/pf.c +++ b/sys/net/pf.c @@ -1,4 +1,4 @@ -/* $OpenBSD: pf.c,v 1.135 2001/08/21 17:25:59 deraadt Exp $ */ +/* $OpenBSD: pf.c,v 1.136 2001/08/22 00:26:10 frantzen Exp $ */ /* * Copyright (c) 2001 Daniel Hartmeier @@ -210,10 +210,14 @@ pf_tree_key_compare(struct pf_tree_key *a, struct pf_tree_key *b) */ if ((diff = a->proto - b->proto) != 0) return (diff); - if ((diff = a->addr[0].s_addr - b->addr[0].s_addr) != 0) - return (diff); - if ((diff = a->addr[1].s_addr - b->addr[1].s_addr) != 0) - return (diff); + if (a->addr[0].s_addr > b->addr[0].s_addr) + return 1; + if (a->addr[0].s_addr < b->addr[0].s_addr) + return -1; + if (a->addr[1].s_addr > b->addr[1].s_addr) + return 1; + if (a->addr[1].s_addr < b->addr[1].s_addr) + return -1; if ((diff = a->port[0] - b->port[0]) != 0) return (diff); if ((diff = a->port[1] - b->port[1]) != 0) @@ -2606,6 +2610,14 @@ pf_test_state_tcp(struct pf_state **state, int direction, struct ifnet *ifp, * and keep updating the state TTL. */ + if (pf_status.debug >= PF_DEBUG_MISC) { + printf("pf: loose state match: "); + pf_print_state(*state); + pf_print_flags(th->th_flags); + printf(" seq=%lu ack=%lu len=%u ackskew=%d pkts=%d\n", + seq, ack, len, ackskew, (*state)->packets); + } + (*state)->packets++; (*state)->bytes += h->ip_len; |