Module Name: src
Committed By: rmind
Date: Sat Jul 21 17:11:02 UTC 2012
Modified Files:
src/sys/net/npf: npf_inet.c npf_state.c npf_state_tcp.c
src/usr.sbin/npf/npftest: npfstream.c
src/usr.sbin/npf/npftest/libnpftest: npf_test_subr.c
Log Message:
- npf_fetch_tcpopts: fix off-by-one when validating TCP option length
against the maximum allowed.
- npf_tcp_inwindow: be more liberal with npf_fetch_tcpopts().
- A few minor improvements to npftest.
To generate a diff of this commit:
cvs rdiff -u -r1.15 -r1.16 src/sys/net/npf/npf_inet.c
cvs rdiff -u -r1.9 -r1.10 src/sys/net/npf/npf_state.c \
src/sys/net/npf/npf_state_tcp.c
cvs rdiff -u -r1.1 -r1.2 src/usr.sbin/npf/npftest/npfstream.c
cvs rdiff -u -r1.1 -r1.2 src/usr.sbin/npf/npftest/libnpftest/npf_test_subr.c
Please note that diffs are not public domain; they are subject to the
copyright notices on the relevant files.
Modified files:
Index: src/sys/net/npf/npf_inet.c
diff -u src/sys/net/npf/npf_inet.c:1.15 src/sys/net/npf/npf_inet.c:1.16
--- src/sys/net/npf/npf_inet.c:1.15 Thu Jul 19 21:52:29 2012
+++ src/sys/net/npf/npf_inet.c Sat Jul 21 17:11:01 2012
@@ -1,4 +1,4 @@
-/* $NetBSD: npf_inet.c,v 1.15 2012/07/19 21:52:29 spz Exp $ */
+/* $NetBSD: npf_inet.c,v 1.16 2012/07/21 17:11:01 rmind Exp $ */
/*-
* Copyright (c) 2009-2012 The NetBSD Foundation, Inc.
@@ -39,7 +39,7 @@
*/
#include <sys/cdefs.h>
-__KERNEL_RCSID(0, "$NetBSD: npf_inet.c,v 1.15 2012/07/19 21:52:29 spz Exp $");
+__KERNEL_RCSID(0, "$NetBSD: npf_inet.c,v 1.16 2012/07/21 17:11:01 rmind Exp $");
#include <sys/param.h>
#include <sys/types.h>
@@ -277,7 +277,7 @@ next:
if (nbuf_advfetch(&nbuf, &n_ptr, 1, sizeof(val), &val)) {
return false;
}
- if (val < 2 || val >= topts_len) {
+ if (val < 2 || val > topts_len) {
return false;
}
topts_len -= val;
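Review bot: The corrected bound `val > topts_len` carries no comment explaining why equality is legal, which makes the same off-by-one easy to reintroduce. Assuming `topts_len` still counts the kind octet at this point, I would add above the check `/* Length covers the kind and length octets; it may equal, but never exceed, the bytes left. */`. With equality accepted, `topts_len -= val` can now reach zero, so the code after the subtraction (outside this hunk) must stop on zero rather than fetch another kind octet. Two npftest regression cases would pin both sides of the check: an unknown option ending exactly at the end of the option area, and one running a byte past it.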
Index: src/sys/net/npf/npf_state.c
diff -u src/sys/net/npf/npf_state.c:1.9 src/sys/net/npf/npf_state.c:1.10
--- src/sys/net/npf/npf_state.c:1.9 Sun Jul 1 23:21:06 2012
+++ src/sys/net/npf/npf_state.c Sat Jul 21 17:11:01 2012
@@ -1,4 +1,4 @@
-/* $NetBSD: npf_state.c,v 1.9 2012/07/01 23:21:06 rmind Exp $ */
+/* $NetBSD: npf_state.c,v 1.10 2012/07/21 17:11:01 rmind Exp $ */
/*-
* Copyright (c) 2010-2012 The NetBSD Foundation, Inc.
@@ -34,7 +34,7 @@
*/
#include <sys/cdefs.h>
-__KERNEL_RCSID(0, "$NetBSD: npf_state.c,v 1.9 2012/07/01 23:21:06 rmind Exp $");
+__KERNEL_RCSID(0, "$NetBSD: npf_state.c,v 1.10 2012/07/21 17:11:01 rmind Exp $");
#include <sys/param.h>
#include <sys/systm.h>
@@ -107,6 +107,7 @@ npf_state_init(const npf_cache_t *npc, n
default:
ret = false;
}
+ NPF_TCP_STATE_SAMPLE(nst, ret);
return ret;
}
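Review bot: `NPF_TCP_STATE_SAMPLE(nst, ret)` runs on every return path of npf_state_init, including the `default:` branch where `ret` is false and the protocol is presumably not TCP. Nothing in the hunk says what the macro does. If it is a test-only sampling hook, as the npftest changes in this commit suggest, a one-line comment such as `/* Test hook: expands to nothing outside NPF test builds. */` would help. Its definition is not visible here and should be checked to be empty in production kernels. The function body starts before the hunk.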
Index: src/sys/net/npf/npf_state_tcp.c
diff -u src/sys/net/npf/npf_state_tcp.c:1.9 src/sys/net/npf/npf_state_tcp.c:1.10
--- src/sys/net/npf/npf_state_tcp.c:1.9 Sun Jul 15 00:23:00 2012
+++ src/sys/net/npf/npf_state_tcp.c Sat Jul 21 17:11:02 2012
@@ -1,4 +1,4 @@
-/* $NetBSD: npf_state_tcp.c,v 1.9 2012/07/15 00:23:00 rmind Exp $ */
+/* $NetBSD: npf_state_tcp.c,v 1.10 2012/07/21 17:11:02 rmind Exp $ */
/*-
* Copyright (c) 2010-2012 The NetBSD Foundation, Inc.
@@ -34,7 +34,7 @@
*/
#include <sys/cdefs.h>
-__KERNEL_RCSID(0, "$NetBSD: npf_state_tcp.c,v 1.9 2012/07/15 00:23:00 rmind Exp $");
+__KERNEL_RCSID(0, "$NetBSD: npf_state_tcp.c,v 1.10 2012/07/21 17:11:02 rmind Exp $");
#include <sys/param.h>
#include <sys/types.h>
@@ -300,7 +300,7 @@ npf_tcp_inwindow(const npf_cache_t *npc,
const struct tcphdr * const th = &npc->npc_l4.tcp;
const int tcpfl = th->th_flags;
npf_tcpstate_t *fstate, *tstate;
- int tcpdlen, wscale, ackskew;
+ int tcpdlen, ackskew;
tcp_seq seq, ack, end;
uint32_t win;
@@ -359,11 +359,9 @@ npf_tcp_inwindow(const npf_cache_t *npc,
* Handle TCP Window Scaling (RFC 1323). Both sides may
* send this option in their SYN packets.
*/
- if (npf_fetch_tcpopts(npc, nbuf, NULL, &wscale)) {
- fstate->nst_wscale = wscale;
- } else {
- fstate->nst_wscale = 0;
- }
+ fstate->nst_wscale = 0;
+ (void)npf_fetch_tcpopts(npc, nbuf, NULL, &fstate->nst_wscale);
+
tstate->nst_wscale = 0;
/* Done. */
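Review bot: Discarding the result of `npf_fetch_tcpopts()` means that, if the parser stores the scale as it goes, a SYN whose option list turns out malformed after a window-scale option still leaves that scale in `fstate->nst_wscale`. The old code reset it to 0 on failure, and the same applies to the `TH_SYN` branch in the next hunk. This looks like the intended "more liberal" behaviour, but it should be stated in the code, e.g. `/* Ignore failure: keep whatever scale was parsed before the bad option. */`. Because the parser now writes straight into connection state, confirm that it bounds the value (RFC 1323 limits the shift count to 14). Also confirm that the pointer type it expects matches the field's type, a difference the removed `int wscale` temporary used to absorb; neither is visible in this hunk.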
@@ -377,12 +375,12 @@ npf_tcp_inwindow(const npf_cache_t *npc,
fstate->nst_end = end;
fstate->nst_maxend = end + 1;
fstate->nst_maxwin = win;
+ fstate->nst_wscale = 0;
/* Handle TCP Window Scaling (must be ignored if no SYN). */
if (tcpfl & TH_SYN) {
- fstate->nst_wscale =
- npf_fetch_tcpopts(npc, nbuf, NULL, &wscale) ?
- wscale : 0;
+ (void)npf_fetch_tcpopts(npc, nbuf, NULL,
+ &fstate->nst_wscale);
}
}
Index: src/usr.sbin/npf/npftest/npfstream.c
diff -u src/usr.sbin/npf/npftest/npfstream.c:1.1 src/usr.sbin/npf/npftest/npfstream.c:1.2
--- src/usr.sbin/npf/npftest/npfstream.c:1.1 Wed May 30 21:38:04 2012
+++ src/usr.sbin/npf/npftest/npfstream.c Sat Jul 21 17:11:02 2012
@@ -1,4 +1,4 @@
-/* $NetBSD: npfstream.c,v 1.1 2012/05/30 21:38:04 rmind Exp $ */
+/* $NetBSD: npfstream.c,v 1.2 2012/07/21 17:11:02 rmind Exp $ */
/*
* NPF stream processor.
@@ -67,7 +67,7 @@ process_tcpip(const void *data, size_t l
forw = (initial_ip.s_addr == ip->ip_src.s_addr);
packetno = forw ? ++snd_packet_no : ++rcv_packet_no;
- int64_t result[9];
+ int64_t result[11];
memset(result, 0, sizeof(result));
len = ntohs(ip->ip_len);
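Review bot: The size `11` of `result[]` is a bare literal that has to match the number of `result[i++]` stores in npf_test_handlepkt (npf_test_subr.c, last hunk of this commit), which gains two stores here. No bound is checked in those visible stores, so if the two counts drift apart the handler writes past this stack array. A shared constant in the libnpftest header would tie them together, as would passing `__arraycount(result)` to the handler and asserting `i <= count` before it returns. How `result` reaches the handler is outside the hunk.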
@@ -76,7 +76,7 @@ process_tcpip(const void *data, size_t l
fprintf(fp, "%s%2x %5d %3d %11u %11u %11u %11u %12lx",
forw ? ">" : "<", (th->th_flags & (TH_SYN | TH_ACK | TH_FIN)),
packetno, error, (u_int)seq, (u_int)ntohl(th->th_ack),
- (u_int)(seq + tcpdlen), ntohs(th->th_win), (uintptr_t)result[0]);
+ tcpdlen, ntohs(th->th_win), (uintptr_t)result[0]);
for (unsigned i = 1; i < __arraycount(result); i++) {
fprintf(fp, "%11" PRIu64 " ", result[i]);
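Review bot: `tcpdlen` is now passed to a `%11u` conversion without the `(u_int)` cast that the old expression carried. Its declaration is outside the hunk; if it is a signed `int`, the argument no longer matches the specifier, and a negative length computed from a malformed capture prints as a large unsigned number. Either `(u_int)tcpdlen` or changing that conversion to `%11d` keeps the format and argument in agreement.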
@@ -101,9 +101,12 @@ process_stream(const char *input, const
if (fp == NULL) {
err(EXIT_FAILURE, "fopen");
}
- fprintf(fp, "# %5s %3s %11s %11s %11s %11s %11s %11s %11s\n",
+ fprintf(fp, "#FL %5s %3s %11s %11s %11s %11s %11s %11s %11s "
+ "%11s %11s %11s %5s %11s %11s %11s %5s\n",
"No", "Err", "Seq", "Ack", "TCP Len", "Win",
- "Stream", "RetVal", "State");
+ "Stream", "RetVal", "State",
+ "F.END", "F.MAXEND", "F.MAXWIN", "F.WSC",
+ "T.END", "T.MAXEND", "T.MAXWIN", "T.WSC");
while (pcap_next_ex(pcap, &phdr, &data) > 0) {
if (phdr->len != phdr->caplen) {
warnx("process_stream: truncated packet");
Index: src/usr.sbin/npf/npftest/libnpftest/npf_test_subr.c
diff -u src/usr.sbin/npf/npftest/libnpftest/npf_test_subr.c:1.1 src/usr.sbin/npf/npftest/libnpftest/npf_test_subr.c:1.2
--- src/usr.sbin/npf/npftest/libnpftest/npf_test_subr.c:1.1 Wed May 30 21:38:04 2012
+++ src/usr.sbin/npf/npftest/libnpftest/npf_test_subr.c Sat Jul 21 17:11:02 2012
@@ -1,4 +1,4 @@
-/* $NetBSD: npf_test_subr.c,v 1.1 2012/05/30 21:38:04 rmind Exp $ */
+/* $NetBSD: npf_test_subr.c,v 1.2 2012/07/21 17:11:02 rmind Exp $ */
/*
* NPF initialisation and handler routines.
@@ -65,10 +65,12 @@ npf_test_handlepkt(const void *data, siz
result[i++] = fstate->nst_end;
result[i++] = fstate->nst_maxend;
result[i++] = fstate->nst_maxwin;
+ result[i++] = fstate->nst_wscale;
result[i++] = tstate->nst_end;
result[i++] = tstate->nst_maxend;
result[i++] = tstate->nst_maxwin;
+ result[i++] = tstate->nst_wscale;
return 0;
}