Date: Fri, 27 Oct 2000 17:56:06 +0300 From: Ruslan Ermilov <ru@FreeBSD.org> To: Darren Reed <darrenr@reed.wattle.id.au>, Darren Reed <darrenr@pobox.com> Cc: net@FreeBSD.org Subject: Re: [CFR] IPFILTER patch Message-ID: <20001027175606.A39062@sunbay.com> In-Reply-To: <200010271431.BAA19966@avalon.reed.wattle.id.au>; from darrenr@reed.wattle.id.au on Sat, Oct 28, 2000 at 01:31:23AM %2B1100 References: <20001027170933.A36523@sunbay.com> <200010271431.BAA19966@avalon.reed.wattle.id.au>
next in thread | previous in thread | raw e-mail | index | archive | help
On Sat, Oct 28, 2000 at 01:31:23AM +1100, Darren Reed wrote:
> In some email I received from Ruslan Ermilov, sie wrote:
> > Hi!
> >
> > As we discussed yesterday, here are the patches to IPFILTER
> > that are needed for my upcoming "byte-swapping elimination"
> > patch. Sorry, it took a bit more than an hour...
>
> Hmm, there are some problems with this.
>
> In some cases, off is being put into an int (should always be
> a u_short)
>
Huh, the only such a case I see is inside fr_makefrip(), and is
easily fixed by:
--- fil.c 2000/10/26 12:33:42 1.21
+++ fil.c 2000/10/27 14:50:40
@@ -204,8 +204,8 @@ int hlen;
ip_t *ip;
fr_info_t *fin;
{
- u_short optmsk = 0, secmsk = 0, auth = 0;
- int i, mv, ol, off, p, plen, v;
+ u_short optmsk = 0, secmsk = 0, auth = 0, off;
+ int i, mv, ol, p, plen, v;
fr_ip_t *fi = &fin->fin_fi;
struct optlist *op;
u_char *s, opt;
> but of more concern is that you're treating fin_off
> as both a byte address (you shift it left three times) and as
> the eight byte offset it actually is in the packet.
>
Umm, not exactly. They are really EQUIVALENT for zero/non-zero tests.
If the offset is zero, then offset*8 is also zero, and vice versa.
As for the ip_frag.c code, I have explicitly stated that it now stores
offsets of fragments in bytes (previously was in octets).
So this should not be a problem.
--
Ruslan Ermilov Oracle Developer/DBA,
ru@sunbay.com Sunbay Software AG,
ru@FreeBSD.org FreeBSD committer,
+380.652.512.251 Simferopol, Ukraine
http://www.FreeBSD.org The Power To Serve
http://www.oracle.com Enabling The Information Age
To Unsubscribe: send mail to majordomo@FreeBSD.org
with "unsubscribe freebsd-net" in the body of the message
Want to link to this message? Use this URL: <https://mail-archive.FreeBSD.org/cgi/mid.cgi?20001027175606.A39062>