patch-2.2.10 linux/net/ipv4/ip_fw.c
- Lines: 94
- Date:
Tue Jun 8 20:33:07 1999
- Orig file:
v2.2.9/linux/net/ipv4/ip_fw.c
- Orig date:
Wed Apr 28 11:37:32 1999
diff -u --recursive --new-file v2.2.9/linux/net/ipv4/ip_fw.c linux/net/ipv4/ip_fw.c
@@ -34,6 +34,9 @@
* Marc Santoro <ultima@snicker.emoti.com>
* 29-Jan-1999: Locally generated bogus IPs dealt with, rather than crash
* during dump_packet. --RR.
+ * 19-May-1999: Star Wars: The Phantom Menace opened. Rule num
+ * printed in log (modified from Michael Hasenstein's patch).
+ * Added SYN in log message. --RR
*/
/*
@@ -400,7 +403,9 @@
struct ip_fwkernel *f,
const ip_chainlabel chainlabel,
__u16 src_port,
- __u16 dst_port)
+ __u16 dst_port,
+ unsigned int count,
+ int syn)
{
__u32 *opt = (__u32 *) (ip + 1);
int opti;
@@ -432,7 +437,7 @@
for (opti = 0; opti < (ip->ihl - sizeof(struct iphdr) / 4); opti++)
printk(" O=0x%8.8X", *opt++);
- printk("\n");
+ printk(" %s(#%d)\n", syn ? "SYN " : /* "PENANCE" */ "", count);
}
/* function for checking chain labels for user space. */
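Review bot: `count` is declared `unsigned int` in the new dump_packet signature, but the added printk formats it with `%d`; the specifier should match the type: `printk(" %s(#%u)\n", syn ? "SYN " : /* "PENANCE" */ "", count);`. The two new parameters are also undocumented. A short comment above dump_packet would help anyone parsing these log lines, stating that `count` is the 1-based position of the matching rule within its chain (0 when no rule was involved) and that `syn` is presumably non-zero for a TCP SYN. dump_packet's body begins and continues outside this hunk.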
@@ -520,12 +525,14 @@
const ip_chainlabel label,
struct sk_buff *skb,
unsigned int slot,
- __u16 src_port, __u16 dst_port)
+ __u16 src_port, __u16 dst_port,
+ unsigned int count,
+ int tcpsyn)
{
f->counters[slot].bcnt+=ntohs(ip->tot_len);
f->counters[slot].pcnt++;
if (f->ipfw.fw_flg & IP_FW_F_PRN) {
- dump_packet(ip,rif,f,label,src_port,dst_port);
+ dump_packet(ip,rif,f,label,src_port,dst_port,count,tcpsyn);
}
ip->tos = (ip->tos & f->ipfw.fw_tosand) ^ f->ipfw.fw_tosxor;
@@ -590,6 +597,7 @@
unsigned char oldtos;
struct ip_fwkernel *f;
int ret = FW_SKIP+2;
+ unsigned int count;
/* We handle fragments by dealing with the first fragment as
* if it was a normal packet. All other fragments are treated
@@ -610,7 +618,7 @@
if (offset == 1 && ip->protocol == IPPROTO_TCP) {
if (!testing && net_ratelimit()) {
printk("Suspect TCP fragment.\n");
- dump_packet(ip,rif,NULL,NULL,0,0);
+ dump_packet(ip,rif,NULL,NULL,0,0,0,0);
}
return FW_BLOCK;
}
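Review bot: The fragment path passes 0 for `count`, so the "Suspect TCP fragment" log entry will end in `(#0)` even though no rule was consulted. Matched rules are numbered from 1 in the rule loop, so 0 works as a sentinel, but that should be stated. A comment on the call such as `/* count 0: dropped before any rule was examined */` would keep log readers from looking for a rule #0. The enclosing function starts and ends outside this hunk.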
@@ -702,13 +710,16 @@
f = chain->chain;
do {
+ count = 0;
for (; f; f = f->next) {
+ count++;
if (ip_rule_match(f,rif,ip,
tcpsyn,src_port,dst_port,offset)) {
if (!testing
&& !ip_fw_domatch(f, ip, rif, chain->label,
skb, slot,
- src_port, dst_port)) {
+ src_port, dst_port,
+ count, tcpsyn)) {
ret = FW_BLOCK;
goto out;
}
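Review bot: `count` is reset to 0 at the top of every pass of the `do` loop, so the logged number is the rule's position only if `f` points at the head of a chain each time the loop restarts. The rest of the loop is outside this hunk. If it can resume with `f` in the middle of a chain (for instance when returning from a called chain to the rule after the jump), counting would restart from the resume point and the log would name the wrong rule. If that path exists, the caller's count would need to be saved and restored alongside the saved rule pointer rather than zeroed.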
@@ -1408,8 +1419,10 @@
else if ((chain = find_label(new->fwc_label)) == NULL)
ret = ENOENT;
else if ((ip_fwkern = convert_ipfw(&new->fwc_rule, &ret))
- != NULL)
+ != NULL) {
ret = del_rule_from_chain(chain, ip_fwkern);
+ kfree(ip_fwkern);
+ }
}
break;
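Review bot: The added `kfree(ip_fwkern)` frees the converted rule immediately after del_rule_from_chain, but nothing here states the ownership rule that makes this safe. A comment such as `/* ip_fwkern is only a match template here; it is never linked into the chain */` would document it, assuming del_rule_from_chain does not retain the pointer (its body is not in this hunk). It is also worth confirming that convert_ipfw takes no reference or sub-allocation that a plain kfree would leave behind.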