Module Name: src Committed By: christos Date: Fri Jun 28 23:25:13 UTC 2019
Modified Files: src/sys/external/bsd/ipf/netinet: fil.c Log Message: Revert previous and do the off == 1 case after we've taken the mask. To generate a diff of this commit: cvs rdiff -u -r1.28 -r1.29 src/sys/external/bsd/ipf/netinet/fil.c Please note that diffs are not public domain; they are subject to the copyright notices on the relevant files.
Modified files: Index: src/sys/external/bsd/ipf/netinet/fil.c diff -u src/sys/external/bsd/ipf/netinet/fil.c:1.28 src/sys/external/bsd/ipf/netinet/fil.c:1.29 --- src/sys/external/bsd/ipf/netinet/fil.c:1.28 Wed Jun 26 11:31:17 2019 +++ src/sys/external/bsd/ipf/netinet/fil.c Fri Jun 28 19:25:12 2019 @@ -1,4 +1,4 @@ -/* $NetBSD: fil.c,v 1.28 2019/06/26 15:31:17 christos Exp $ */ +/* $NetBSD: fil.c,v 1.29 2019/06/28 23:25:12 christos Exp $ */ /* * Copyright (C) 2012 by Darren Reed. @@ -141,7 +141,7 @@ extern struct timeout ipf_slowtimer_ch; #if !defined(lint) #if defined(__NetBSD__) #include <sys/cdefs.h> -__KERNEL_RCSID(0, "$NetBSD: fil.c,v 1.28 2019/06/26 15:31:17 christos Exp $"); +__KERNEL_RCSID(0, "$NetBSD: fil.c,v 1.29 2019/06/28 23:25:12 christos Exp $"); #else static const char sccsid[] = "@(#)fil.c 1.36 6/5/96 (C) 1993-2000 Darren Reed"; static const char rcsid[] = "@(#)Id: fil.c,v 1.1.1.2 2012/07/22 13:45:07 darrenr Exp $"; @@ -1721,30 +1721,34 @@ ipf_pr_ipv4hdr(fr_info_t *fin) * calculate the byte offset that it represents. */ off &= IP_MF|IP_OFFMASK; - if (off == 1 && p == IPPROTO_TCP) { - fin->fin_flx |= FI_SHORT; /* RFC 3128 */ - DT1(ipf_fi_tcp_frag_off_1, fr_info_t *, fin); - } if (off != 0) { - int morefrag = off & IP_MF; - fi->fi_flx |= FI_FRAG; - fin->fin_flx |= FI_FRAGBODY; - off <<= 3; - if ((off + fin->fin_dlen > 65535) || - (fin->fin_dlen == 0) || - ((morefrag != 0) && ((fin->fin_dlen & 7) != 0))) { - /* - * The length of the packet, starting at its - * offset cannot exceed 65535 (0xffff) as the - * length of an IP packet is only 16 bits. - * - * Any fragment that isn't the last fragment - * must have a length greater than 0 and it - * must be an even multiple of 8. - */ - fi->fi_flx |= FI_BAD; - DT1(ipf_fi_bad_fragbody_gt_65535, fr_info_t *, fin); + off &= IP_OFFMASK; + if (off != 0) { + int morefrag = off & IP_MF; + + if (off == 1 && p == IPPROTO_TCP) { + fin->fin_flx |= FI_SHORT; /* RFC 3128 */ + DT1(ipf_fi_tcp_frag_off_1, fr_info_t *, fin); + } + + fin->fin_flx |= FI_FRAGBODY; + off <<= 3; + if ((off + fin->fin_dlen > 65535) || + (fin->fin_dlen == 0) || + ((morefrag != 0) && ((fin->fin_dlen & 7) != 0))) { + /* + * The length of the packet, starting at its + * offset cannot exceed 65535 (0xffff) as the + * length of an IP packet is only 16 bits. + * + * Any fragment that isn't the last fragment + * must have a length greater than 0 and it + * must be an even multiple of 8. + */ + fi->fi_flx |= FI_BAD; + DT1(ipf_fi_bad_fragbody_gt_65535, fr_info_t *, fin); + } } } fin->fin_off = off;