svn commit: r258133 - head/sys/netpfil/pf

Gleb Smirnoff glebius at FreeBSD.org
Thu Nov 14 14:20:36 UTC 2013


Author: glebius
Date: Thu Nov 14 14:20:35 2013
New Revision: 258133
URL: http://svnweb.freebsd.org/changeset/base/258133

Log:
  Some fixups to pf_get_sport after r257223:
  
  - Do not return blindly if proto isn't ICMP.
  - The dport is in network order, so fix comparisons.
  - Remove ridiculous htonl(arc4random()).
  - Push local variable to a narrower block.

Modified:
  head/sys/netpfil/pf/pf_lb.c

Modified: head/sys/netpfil/pf/pf_lb.c
==============================================================================
--- head/sys/netpfil/pf/pf_lb.c	Thu Nov 14 13:51:53 2013	(r258132)
+++ head/sys/netpfil/pf/pf_lb.c	Thu Nov 14 14:20:35 2013	(r258133)
@@ -227,7 +227,6 @@ pf_get_sport(sa_family_t af, u_int8_t pr
 {
 	struct pf_state_key_cmp	key;
 	struct pf_addr		init_addr;
-	uint16_t		cut;
 
 	bzero(&init_addr, sizeof(init_addr));
 	if (pf_map_addr(af, r, saddr, naddr, &init_addr, sn))
@@ -235,21 +234,19 @@ pf_get_sport(sa_family_t af, u_int8_t pr
 
 	switch (proto) {
 	case IPPROTO_ICMP:
-		if (dport != ICMP_ECHO)
+		if (dport != htons(ICMP_ECHO))
 			return (0);
 		low = 1;
 		high = 65535;
 		break;
 #ifdef INET6
 	case IPPROTO_ICMPV6:
-		if (dport != ICMP_ECHO)
+		if (dport != htons(ICMP6_ECHO_REQUEST))
 			return (0);
 		low = 1;
 		high = 65535;
 		break;
 #endif
-	default:
-		return (0); /* Don't try to modify non-echo ICMP */
 	}
 
 	bzero(&key, sizeof(key));
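Review bot: The two early `return (0);` exits under the `dport != htons(...)` checks are left unexplained, because the only comment stating their intent sat on the `default:` branch that this hunk deletes. I would keep that wording on the remaining returns, e.g. `return (0); /* Don't try to modify non-echo ICMP */`. The same comment could note that `dport` is compared in network byte order, presumably because it carries the ICMP type for these protocols. The switch now has no `default:` label; an explicit `default: break; /* other protocols: keep low/high unchanged */` would make the fall-through to the port search visibly deliberate. pf_get_sport's body starts and ends outside the hunk.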
@@ -283,7 +280,7 @@ pf_get_sport(sa_family_t af, u_int8_t pr
 				return (0);
 			}
 		} else {
-			uint16_t tmp;
+			uint16_t tmp, cut;
 
 			if (low > high) {
 				tmp = low;
@@ -291,7 +288,7 @@ pf_get_sport(sa_family_t af, u_int8_t pr
 				high = tmp;
 			}
 			/* low < high */
-			cut = htonl(arc4random()) % (1 + high - low) + low;
+			cut = arc4random() % (1 + high - low) + low;
 			/* low <= cut <= high */
 			for (tmp = cut; tmp <= high; ++(tmp)) {
 				key.port[1] = htons(tmp);
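Review bot: The loop `for (tmp = cut; tmp <= high; ++(tmp))` cannot end through its condition when `high` is 65535, which both ICMP cases earlier in this diff set. `tmp` is declared `uint16_t` in the preceding hunk, so `++(tmp)` wraps from 65535 to 0 and `tmp <= high` stays true. Unless the loop body, which continues outside the hunk, always finds a free entry and returns, a fully occupied range would spin in the kernel. Widening the counter and bounding it explicitly avoids this: `uint32_t tmp; uint16_t cut;` and `for (tmp = cut; tmp <= high && tmp <= 0xffff; ++tmp)`. The `% (1 + high - low)` reduction also carries a small modulo bias; `arc4random_uniform()` removes it where the tree provides that function.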

