CVS commit: src/sys/net/npf

Tue, 05 Jun 2012 15:47:02 -0700 

Module Name:    src
Committed By:   rmind
Date:           Tue Jun  5 22:46:54 UTC 2012

Modified Files:
        src/sys/net/npf: npf_state_tcp.c

Log Message:
npf_state_tcp: add an assert; fix some comments while here.


To generate a diff of this commit:
cvs rdiff -u -r1.5 -r1.6 src/sys/net/npf/npf_state_tcp.c

Please note that diffs are not public domain; they are subject to the
copyright notices on the relevant files.


Modified files:

Index: src/sys/net/npf/npf_state_tcp.c
diff -u src/sys/net/npf/npf_state_tcp.c:1.5 src/sys/net/npf/npf_state_tcp.c:1.6
--- src/sys/net/npf/npf_state_tcp.c:1.5	Wed May 30 21:38:03 2012
+++ src/sys/net/npf/npf_state_tcp.c	Tue Jun  5 22:46:54 2012
@@ -1,4 +1,4 @@
-/*	$NetBSD: npf_state_tcp.c,v 1.5 2012/05/30 21:38:03 rmind Exp $	*/
+/*	$NetBSD: npf_state_tcp.c,v 1.6 2012/06/05 22:46:54 rmind Exp $	*/
 
 /*-
  * Copyright (c) 2010-2011 The NetBSD Foundation, Inc.
@@ -34,7 +34,7 @@
  */
 
 #include <sys/cdefs.h>
-__KERNEL_RCSID(0, "$NetBSD: npf_state_tcp.c,v 1.5 2012/05/30 21:38:03 rmind Exp $");
+__KERNEL_RCSID(0, "$NetBSD: npf_state_tcp.c,v 1.6 2012/06/05 22:46:54 rmind Exp $");
 
 #include <sys/param.h>
 #include <sys/types.h>
@@ -54,7 +54,7 @@ __KERNEL_RCSID(0, "$NetBSD: npf_state_tc
  * NPF TCP states.  Note: these states are different from the TCP FSM
  * states of RFC 793.  The packet filter is a man-in-the-middle.
  */
-#define NPF_TCPS_OK		(-1)
+#define	NPF_TCPS_OK		(-1)
 #define	NPF_TCPS_CLOSED		0
 #define	NPF_TCPS_SYN_SENT	1
 #define	NPF_TCPS_SIMSYN_SENT	2
@@ -330,8 +330,9 @@ npf_tcp_inwindow(const npf_cache_t *npc,
 	 */
 	if (__predict_false(fstate->nst_maxwin == 0)) {
 		/*
-		 * Should be first SYN or re-transmission of SYN.  State of
-		 * other side will get set with a SYN-ACK reply (see below).
+		 * Normally, it should be the first SYN or a re-transmission
+		 * of SYN.  The state of the other side will get set with a
+		 * SYN-ACK reply (see below).
 		 */
 		fstate->nst_end = end;
 		fstate->nst_maxend = end;
@@ -370,6 +371,7 @@ npf_tcp_inwindow(const npf_cache_t *npc,
 			    wscale : 0;
 		}
 	}
+
 	if ((tcpfl & TH_ACK) == 0) {
 		/* Pretend that an ACK was sent. */
 		ack = tstate->nst_end;
@@ -384,7 +386,7 @@ npf_tcp_inwindow(const npf_cache_t *npc,
 	}
 #if 0
 	/* Strict in-order sequence for RST packets. */
-	if (((tcpfl & TH_RST) != 0) && (fstate->nst_end - seq) > 1) {
+	if ((tcpfl & TH_RST) != 0 && (fstate->nst_end - seq) > 1) {
 		return false;
 	}
 #endif
@@ -404,7 +406,7 @@ npf_tcp_inwindow(const npf_cache_t *npc,
 	}
 
 	/*
-	 * Boundaries for valid acknowledgments (III, IV) - on predicted
+	 * Boundaries for valid acknowledgments (III, IV) - one predicted
 	 * window up or down, since packets may be fragmented.
 	 */
 	ackskew = tstate->nst_end - ack;
@@ -420,6 +422,7 @@ npf_tcp_inwindow(const npf_cache_t *npc,
 	 * Negative ackskew might be due to fragmented packets.  Since the
 	 * total length of the packet is unknown - bump the boundary.
 	 */
+
 	if (ackskew < 0) {
 		tstate->nst_end = ack;
 	}
@@ -444,6 +447,8 @@ npf_state_tcp(const npf_cache_t *npc, nb
 	const int tcpfl = th->th_flags, state = nst->nst_state;
 	int nstate;
 
+	KASSERT(mutex_owned(&nst->nst_lock));
+
 	/* Look for a transition to a new state. */
 	if (__predict_true((tcpfl & TH_RST) == 0)) {
 		const int flagcase = npf_tcpfl2case(tcpfl);

Reply via email to