A few people have posted to the list about problems with
using the auth keyword and the packet buffering.  The
attached patch should help with the problem (namely, that
the buffer was not being used correctly).

This patch is against 4.1.24 but should apply cleanly
against 4.1.16 or later.  This patch will be included
in 4.1.25.

Darren

Index: ip_auth.c
===================================================================
RCS file: /devel/CVS/IP-Filter/ip_auth.c,v
retrieving revision 2.73.2.22
diff -c -r2.73.2.22 ip_auth.c
*** ip_auth.c   6 Jun 2007 08:05:18 -0000       2.73.2.22
--- ip_auth.c   30 Jul 2007 10:06:03 -0000
***************
*** 324,339 ****
                return 0;
  
        WRITE_ENTER(&ipf_auth);
!       if (fr_authstart > fr_authend) {
                fr_authstats.fas_nospace++;
                RWLOCK_EXIT(&ipf_auth);
                return 0;
-       } else {
-               if (fr_authused == fr_authsize) {
-                       fr_authstats.fas_nospace++;
-                       RWLOCK_EXIT(&ipf_auth);
-                       return 0;
-               }
        }
  
        fr_authstats.fas_added++;
--- 324,333 ----
                return 0;
  
        WRITE_ENTER(&ipf_auth);
!       if (((fr_authend + 1) % fr_authsize) == fr_authstart) {
                fr_authstats.fas_nospace++;
                RWLOCK_EXIT(&ipf_auth);
                return 0;
        }
  
        fr_authstats.fas_added++;
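Review bot: The new full test `((fr_authend + 1) % fr_authsize) == fr_authstart` divides by fr_authsize, which is set outside this hunk; if that value can ever be 0 (for instance through a tunable), this is a division by zero on the packet path while ipf_auth is write-held. A guard such as `if (fr_authsize == 0 || ((fr_authend + 1) % fr_authsize) == fr_authstart) {` would close that, as would a validated minimum wherever the size is set. The test also appears to report "full" with one slot still unused, and it judges fullness from the indices while the other two hunks judge emptiness from fr_authused. A short comment stating the intended invariant between fr_authstart, fr_authend and fr_authused would help, e.g. `/* one slot is kept free so authend == authstart always means empty */`, if that is the intent. The enclosing function starts and ends outside the hunk, so how fr_authend advances after this check cannot be confirmed here.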
***************
*** 712,726 ****
  
  /* ------------------------------------------------------------------------ */
  /* Function:    fr_auth_waiting                                             */
! /* Returns:     int - number of packets in the auth queue                   */
  /* Parameters:  None                                                        */
  /*                                                                          */
! /* Returns the numbers of packets queued up, waiting to be processed with   */
! /* a pair of SIOCAUTHW and SIOCAUTHR calls.                                 */
  /* ------------------------------------------------------------------------ */
  int fr_auth_waiting()
  {
!       return (fr_authnext != fr_authend) && fr_authpkts[fr_authnext];
  }
  
  
--- 706,720 ----
  
  /* ------------------------------------------------------------------------ */
  /* Function:    fr_auth_waiting                                             */
! /* Returns:     int - 0 = no pakcets wiating, 1 = packets waiting.          */
  /* Parameters:  None                                                        */
  /*                                                                          */
! /* Simple truth check to see if there are any packets waiting in the auth   */
! /* queue.                                                                   */
  /* ------------------------------------------------------------------------ */
  int fr_auth_waiting()
  {
!       return (fr_authused != 0);
  }
  
  
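Review bot: The rewritten header comment has two typos, "pakcets wiating". It should read `/* Returns:     int - 0 = no packets waiting, 1 = packets waiting.          */`. The body reads fr_authused without taking ipf_auth, so the result is only a snapshot that may be stale by the time the caller acts on it. That is probably acceptable for a readiness check, but it is worth a sentence in the comment, e.g. `/* Unlocked read: treat the result as a hint, not a guarantee. */`.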
***************
*** 855,863 ****
        /*
         * If fr_authnext is not equal to fr_authend it will be because there
         * is a packet waiting to be delt with in the fr_authpkts array.  We
!        * copy as much of that out to user space as requested.
         */
!       if ((fr_authnext != fr_authend) && fr_authpkts[fr_authnext]) {
                error = fr_outobj(data, &fr_auth[fr_authnext], IPFOBJ_FRAUTH);
                if (error != 0)
                        return error;
--- 849,862 ----
        /*
         * If fr_authnext is not equal to fr_authend it will be because there
         * is a packet waiting to be delt with in the fr_authpkts array.  We
!        * copy as much of that out to user space as requested.  If the auth
!        * buffer ring becomes full, authend == authstart and it may well be
!        * the case that authend == authnext too, so make
         */
!       if (fr_authused > 0) {
!               while (fr_authpkts[fr_authnext] == NULL)
!                       fr_authnext++;
! 
                error = fr_outobj(data, &fr_auth[fr_authnext], IPFOBJ_FRAUTH);
                if (error != 0)
                        return error;
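Review bot: The added loop `while (fr_authpkts[fr_authnext] == NULL) fr_authnext++;` advances the index with no wrap and no bound. If the next waiting packet sits at a lower index than fr_authnext (the ring has wrapped), or fr_authused is ever out of step with the array contents, the scan runs past the end of fr_authpkts (presumably sized by fr_authsize). The following fr_outobj() would then copy fr_auth[fr_authnext] from out-of-range kernel memory to user space. Wrap the index inside the loop, `if (++fr_authnext == fr_authsize) fr_authnext = 0;`, and ideally cap the scan at fr_authsize iterations so a stale count cannot spin forever. The comment above the test also ends mid-sentence at "so make" and should be completed. The enclosing function starts and ends outside the hunk, so whether ipf_auth is held during the scan cannot be confirmed from here.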
