diff -cr ip_fil3.4.2/HISTORY ip_fil3.4.3/HISTORY *** ip_fil3.4.2/HISTORY Wed May 10 08:47:36 2000 --- ip_fil3.4.3/HISTORY Sat May 20 02:05:37 2000 *************** *** 20,25 **** --- 20,44 ---- # and especially those who have found the time to port IP Filter to new # platforms. # + 3.4.3 20/05/2000 - Released + + fix ipmon -F + + don't truncate IPv6 packets on Solaris + + fix keep state for ICMP ECHO + + add some NAT stats and use def_nat_age rather than DEF_NAT_AGE + + don't make ftp proxy drop packets + + use MCLISREFERENCED() in tandem with M_EXT to check if IP fields need to be + swapped back. + + fix up RST generation for non-Solaris + + get "short" flag right for IPv6 + 3.4.2 - 10/5/2000 - Released Fix bug in dealing with "hlen == 1 and opt > 1" - Itojun diff -cr ip_fil3.4.2/SunOS5/pkginfo ip_fil3.4.3/SunOS5/pkginfo *** ip_fil3.4.2/SunOS5/pkginfo Wed May 10 08:44:14 2000 --- ip_fil3.4.3/SunOS5/pkginfo Sat May 20 02:05:38 2000 *************** *** 5,11 **** PKG=ipf NAME=IP Filter ARCH=ARCH_updated_by_sed_when_package_is_built ! VERSION=3.4.2 CATEGORY=system DESC=This package contains tools for building a firewall VENDOR=Darren Reed --- 5,11 ---- PKG=ipf NAME=IP Filter ARCH=ARCH_updated_by_sed_when_package_is_built ! VERSION=3.4.3 CATEGORY=system DESC=This package contains tools for building a firewall VENDOR=Darren Reed diff -cr ip_fil3.4.2/fil.c ip_fil3.4.3/fil.c *** ip_fil3.4.2/fil.c Wed May 10 08:42:40 2000 --- ip_fil3.4.3/fil.c Thu May 11 22:28:18 2000 *************** *** 7,13 **** */ #if !defined(lint) static const char sccsid[] = "@(#)fil.c 1.36 6/5/96 (C) 1993-2000 Darren Reed"; ! static const char rcsid[] = "@(#)$Id: fil.c,v 2.35.2.6 2000/05/09 22:42:40 darrenr Exp $"; #endif #if defined(_KERNEL) && defined(__FreeBSD_version) && \ --- 7,13 ---- */ #if !defined(lint) static const char sccsid[] = "@(#)fil.c 1.36 6/5/96 (C) 1993-2000 Darren Reed"; ! static const char rcsid[] = "@(#)$Id: fil.c,v 2.35.2.7 2000/05/11 12:28:18 darrenr Exp $"; #endif #if defined(_KERNEL) && defined(__FreeBSD_version) && \ *************** *** 300,316 **** } case IPPROTO_TCP : fi->fi_fl |= FI_TCPUDP; ! if ((v == 4) && ((!IPMINLEN(ip, tcphdr) && !off) || ! (off && off < sizeof(struct tcphdr)))) ! fi->fi_fl |= FI_SHORT; if (!(fi->fi_fl & FI_SHORT) && !off) fin->fin_tcpf = tcp->th_flags; goto getports; case IPPROTO_UDP : fi->fi_fl |= FI_TCPUDP; ! if ((v == 4) && ((!IPMINLEN(ip, udphdr) && !off) || ! (off && off < sizeof(struct udphdr)))) ! fi->fi_fl |= FI_SHORT; getports: if (!off && (fin->fin_dlen > 3)) { fin->fin_data[0] = ntohs(tcp->th_sport); --- 300,332 ---- } case IPPROTO_TCP : fi->fi_fl |= FI_TCPUDP; ! #ifdef USE_INET6 ! if (v == 6) { ! if (plen < sizeof(struct tcphdr)) ! fi->fi_fl |= FI_SHORT; ! } else ! #endif ! if (v == 4) { ! if ((!IPMINLEN(ip, tcphdr) && !off) || ! (off && off < sizeof(struct tcphdr))) ! fi->fi_fl |= FI_SHORT; ! } if (!(fi->fi_fl & FI_SHORT) && !off) fin->fin_tcpf = tcp->th_flags; goto getports; case IPPROTO_UDP : fi->fi_fl |= FI_TCPUDP; ! #ifdef USE_INET6 ! if (v == 6) { ! if (plen < sizeof(struct udphdr)) ! fi->fi_fl |= FI_SHORT; ! } else ! #endif ! if (v == 4) { ! if ((!IPMINLEN(ip, udphdr) && !off) || ! (off && off < sizeof(struct udphdr))) ! fi->fi_fl |= FI_SHORT; ! } getports: if (!off && (fin->fin_dlen > 3)) { fin->fin_data[0] = ntohs(tcp->th_sport); *************** *** 812,817 **** --- 828,834 ---- if ((out) && (v == 4)) ip->ip_id = ntohs(ip->ip_id); + changed = 0; fin->fin_v = v; fin->fin_ifp = ifp; fin->fin_out = out; *************** *** 1335,1341 **** * SUCH DAMAGE. * * @(#)uipc_mbuf.c 8.2 (Berkeley) 1/4/94 ! * $Id: fil.c,v 2.35.2.6 2000/05/09 22:42:40 darrenr Exp $ */ /* * Copy data from an mbuf chain starting "off" bytes from the beginning, --- 1352,1358 ---- * SUCH DAMAGE. * * @(#)uipc_mbuf.c 8.2 (Berkeley) 1/4/94 ! * $Id: fil.c,v 2.35.2.7 2000/05/11 12:28:18 darrenr Exp $ */ /* * Copy data from an mbuf chain starting "off" bytes from the beginning, diff -cr ip_fil3.4.2/ip_fil.c ip_fil3.4.3/ip_fil.c *** ip_fil3.4.2/ip_fil.c Wed May 10 08:43:31 2000 --- ip_fil3.4.3/ip_fil.c Sat May 13 17:46:49 2000 *************** *** 7,13 **** */ #if !defined(lint) static const char sccsid[] = "@(#)ip_fil.c 2.41 6/5/96 (C) 1993-2000 Darren Reed"; ! static const char rcsid[] = "@(#)$Id: ip_fil.c,v 2.42.2.4 2000/05/09 22:43:31 darrenr Exp $"; #endif #ifndef SOLARIS --- 7,13 ---- */ #if !defined(lint) static const char sccsid[] = "@(#)ip_fil.c 2.41 6/5/96 (C) 1993-2000 Darren Reed"; ! static const char rcsid[] = "@(#)$Id: ip_fil.c,v 2.42.2.6 2000/05/13 07:46:49 darrenr Exp $"; #endif #ifndef SOLARIS *************** *** 988,1012 **** # ifdef USE_INET6 ip6 = (ip6_t *)ip; # endif tcp2 = (struct tcphdr *)((char *)ip + hlen); tcp2->th_sport = tcp->th_dport; tcp2->th_dport = tcp->th_sport; - tcp2->th_seq = 0; tcp2->th_ack = ntohl(tcp->th_seq); tcp2->th_ack += tlen; tcp2->th_ack = htonl(tcp2->th_ack); - tcp2->th_x2 = 0; tcp2->th_off = sizeof(*tcp2) >> 2; tcp2->th_flags = TH_RST|TH_ACK; - tcp2->th_win = 0; - tcp2->th_sum = 0; # ifdef USE_INET6 if (fin->fin_v == 6) { - ip6->ip6_flow = 0; ip6->ip6_plen = htons(sizeof(struct tcphdr)); ip6->ip6_nxt = IPPROTO_TCP; - ip6->ip6_hlim = 0; ip6->ip6_src = oip6->ip6_dst; ip6->ip6_dst = oip6->ip6_src; tcp2->th_sum = in6_cksum(m, IPPROTO_TCP, --- 988,1007 ---- # ifdef USE_INET6 ip6 = (ip6_t *)ip; # endif + bzero((char *)ip, sizeof(*tcp2) + hlen) tcp2 = (struct tcphdr *)((char *)ip + hlen); tcp2->th_sport = tcp->th_dport; tcp2->th_dport = tcp->th_sport; tcp2->th_ack = ntohl(tcp->th_seq); tcp2->th_ack += tlen; tcp2->th_ack = htonl(tcp2->th_ack); tcp2->th_off = sizeof(*tcp2) >> 2; tcp2->th_flags = TH_RST|TH_ACK; # ifdef USE_INET6 if (fin->fin_v == 6) { ip6->ip6_plen = htons(sizeof(struct tcphdr)); ip6->ip6_nxt = IPPROTO_TCP; ip6->ip6_src = oip6->ip6_dst; ip6->ip6_dst = oip6->ip6_src; tcp2->th_sum = in6_cksum(m, IPPROTO_TCP, *************** *** 1044,1049 **** --- 1039,1045 ---- ip->ip_tos = oip->ip_tos; ip->ip_len = len; ip->ip_id = oip->ip_id; + ip->ip_off = 0; # if (BSD < 199306) || defined(__sgi) ip->ip_ttl = tcp_ttl; # else *************** *** 1356,1362 **** */ if (ip->ip_len <= ifp->if_mtu) { # if BSD >= 199306 ! int i = m->m_flags & M_EXT; # endif # ifndef sparc ip->ip_id = htons(ip->ip_id); --- 1352,1361 ---- */ if (ip->ip_len <= ifp->if_mtu) { # if BSD >= 199306 ! int i = 0; ! ! if ((m->m_flags & M_EXT) && MCLISREFERENCED(m)) ! i = 1; # endif # ifndef sparc ip->ip_id = htons(ip->ip_id); diff -cr ip_fil3.4.2/ip_ftp_pxy.c ip_fil3.4.3/ip_ftp_pxy.c *** ip_fil3.4.2/ip_ftp_pxy.c Tue May 9 21:41:46 2000 --- ip_fil3.4.3/ip_ftp_pxy.c Sun May 14 00:28:14 2000 *************** *** 2,8 **** * Simple FTP transparent proxy for in-kernel use. For use with the NAT * code. * ! * $Id: ip_ftp_pxy.c,v 2.7.2.5 2000/05/09 11:41:46 darrenr Exp $ */ #if SOLARIS && defined(_KERNEL) extern kmutex_t ipf_rw; --- 2,8 ---- * Simple FTP transparent proxy for in-kernel use. For use with the NAT * code. * ! * $Id: ip_ftp_pxy.c,v 2.7.2.7 2000/05/13 14:28:14 darrenr Exp $ */ #if SOLARIS && defined(_KERNEL) extern kmutex_t ipf_rw; *************** *** 309,326 **** int dlen; { tcphdr_t *tcp, tcph, *tcp2 = &tcph; - char newbuf[IPF_FTPBUFSZ], *s; struct in_addr swip, swip2; u_short a5, a6, sp, dp; u_int a1, a2, a3, a4; - size_t nlen, olen; fr_info_t fi; int inc, off; nat_t *ipn; ! mb_t *m; ! #if SOLARIS ! mb_t *m1; ! #endif /* * Check for PASV reply message. */ --- 309,322 ---- int dlen; { tcphdr_t *tcp, tcph, *tcp2 = &tcph; struct in_addr swip, swip2; u_short a5, a6, sp, dp; u_int a1, a2, a3, a4; fr_info_t fi; int inc, off; nat_t *ipn; ! char *s; ! /* * Check for PASV reply message. */ *************** *** 626,632 **** * apart from causing packets to go through here ordered). */ if (ntohl(tcp->th_seq) != f->ftps_seq + (wptr - rptr)) { ! return APR_ERR(-1); } while (mlen > 0) { --- 622,628 ---- * apart from causing packets to go through here ordered). */ if (ntohl(tcp->th_seq) != f->ftps_seq + (wptr - rptr)) { ! return APR_ERR(0); } while (mlen > 0) { diff -cr ip_fil3.4.2/ip_nat.c ip_fil3.4.3/ip_nat.c *** ip_fil3.4.2/ip_nat.c Sat May 6 22:29:48 2000 --- ip_fil3.4.3/ip_nat.c Sat May 20 01:54:44 2000 *************** *** 9,15 **** */ #if !defined(lint) static const char sccsid[] = "@(#)ip_nat.c 1.11 6/5/96 (C) 1995 Darren Reed"; ! static const char rcsid[] = "@(#)$Id: ip_nat.c,v 2.37.2.4 2000/05/06 12:29:48 darrenr Exp $"; #endif #if defined(__FreeBSD__) && defined(KERNEL) && !defined(_KERNEL) --- 9,15 ---- */ #if !defined(lint) static const char sccsid[] = "@(#)ip_nat.c 1.11 6/5/96 (C) 1995 Darren Reed"; ! static const char rcsid[] = "@(#)$Id: ip_nat.c,v 2.37.2.10 2000/05/19 15:54:44 darrenr Exp $"; #endif #if defined(__FreeBSD__) && defined(KERNEL) && !defined(_KERNEL) *************** *** 228,234 **** } ! void nat_delrdr(n) ipnat_t *n; { if (n->in_rnext) --- 228,234 ---- } ! static void nat_delrdr(n) ipnat_t *n; { if (n->in_rnext) *************** *** 432,442 **** { #ifdef IPFILTER_LOG case SIOCIPFFB : if (!(mode & FWRITE)) error = EPERM; ! else ! *(int *)data = ipflog_clear(IPL_LOGNAT); break; #endif case SIOCADNAT : if (!(mode & FWRITE)) { --- 432,448 ---- { #ifdef IPFILTER_LOG case SIOCIPFFB : + { + int tmp; + if (!(mode & FWRITE)) error = EPERM; ! else { ! tmp = ipflog_clear(IPL_LOGNAT); ! IWCOPY((char *)&tmp, (char *)data, sizeof(tmp)); ! } break; + } #endif case SIOCADNAT : if (!(mode & FWRITE)) { *************** *** 1093,1100 **** /* Give me a new nat */ KMALLOC(nat, nat_t *); ! if (nat == NULL) return NULL; bzero((char *)nat, sizeof(*nat)); nat->nat_flags = flags; --- 1099,1108 ---- /* Give me a new nat */ KMALLOC(nat, nat_t *); ! if (nat == NULL) { ! nat_stats.ns_memfail++; return NULL; + } bzero((char *)nat, sizeof(*nat)); nat->nat_flags = flags; *************** *** 1166,1172 **** port += MAPBLK_MINPORT; port = htons(port); } ! } else if (!np->in_nip && (np->in_outmsk == 0xffffffff)) { /* * 0/32 - use the interface's IP address. --- 1174,1180 ---- port += MAPBLK_MINPORT; port = htons(port); } ! } else if (!np->in_outip && (np->in_outmsk == 0xffffffff)) { /* * 0/32 - use the interface's IP address. *************** *** 1175,1181 **** fr_ifpaddr(4, fin->fin_ifp, &in) == -1) goto badnat; in.s_addr = ntohl(in.s_addr); ! } else if (!np->in_nip && !np->in_outmsk) { /* * 0/0 - use the original source address/port. */ --- 1183,1189 ---- fr_ifpaddr(4, fin->fin_ifp, &in) == -1) goto badnat; in.s_addr = ntohl(in.s_addr); ! } else if (!np->in_outip && !np->in_outmsk) { /* * 0/0 - use the original source address/port. */ *************** *** 1396,1401 **** --- 1404,1410 ---- np->in_use++; return nat; badnat: + nat_stats.ns_badnat++; if ((hm = nat->nat_hm) != NULL) nat_hostmapdel(hm); KFREE(nat); *************** *** 1692,1698 **** } ! int nat_match(fin, np, ip) fr_info_t *fin; ipnat_t *np; ip_t *ip; --- 1701,1707 ---- } ! static int nat_match(fin, np, ip) fr_info_t *fin; ipnat_t *np; ip_t *ip; *************** *** 1888,1895 **** if (nat->nat_age < fr_defnaticmpage) nat->nat_age = fr_defnaticmpage; #ifdef LARGE_NAT ! else if (nat->nat_age > DEF_NAT_AGE) ! nat->nat_age = DEF_NAT_AGE; #endif /* * Increase this because we may have --- 1897,1904 ---- if (nat->nat_age < fr_defnaticmpage) nat->nat_age = fr_defnaticmpage; #ifdef LARGE_NAT ! else if (nat->nat_age > fr_defnatage) ! nat->nat_age = fr_defnatage; #endif /* * Increase this because we may have *************** *** 1974,1980 **** READ_ENTER(&ipf_nat); ! if ((ip->ip_p == IPPROTO_ICMP) && (nat = nat_icmp(ip, fin, &nflags, NAT_INBOUND))) ; else if ((ip->ip_off & IP_OFFMASK) && (nat = ipfr_nat_knownfrag(ip, fin))) --- 1983,1990 ---- READ_ENTER(&ipf_nat); ! if ((ip->ip_p == IPPROTO_ICMP) && ! (nat = nat_icmp(ip, fin, &nflags, NAT_INBOUND))) ; else if ((ip->ip_off & IP_OFFMASK) && (nat = ipfr_nat_knownfrag(ip, fin))) *************** *** 2087,2094 **** if (nat->nat_age < fr_defnaticmpage) nat->nat_age = fr_defnaticmpage; #ifdef LARGE_NAT ! else if (nat->nat_age > DEF_NAT_AGE) ! nat->nat_age = DEF_NAT_AGE; #endif /* * Increase this because we may have --- 2097,2104 ---- if (nat->nat_age < fr_defnaticmpage) nat->nat_age = fr_defnaticmpage; #ifdef LARGE_NAT ! else if (nat->nat_age > fr_defnatage) ! nat->nat_age = fr_defnatage; #endif /* * Increase this because we may have diff -cr ip_fil3.4.2/ip_nat.h ip_fil3.4.3/ip_nat.h *** ip_fil3.4.2/ip_nat.h Thu Mar 16 12:38:38 2000 --- ip_fil3.4.3/ip_nat.h Mon May 15 16:50:14 2000 *************** *** 6,12 **** * to the original author and the contributors. * * @(#)ip_nat.h 1.5 2/4/96 ! * $Id: ip_nat.h,v 2.17 2000/03/16 01:38:38 darrenr Exp $ */ #ifndef __IP_NAT_H__ --- 6,12 ---- * to the original author and the contributors. * * @(#)ip_nat.h 1.5 2/4/96 ! * $Id: ip_nat.h,v 2.17.2.1 2000/05/15 06:50:14 darrenr Exp $ */ #ifndef __IP_NAT_H__ *************** *** 192,197 **** --- 192,199 ---- u_long ns_inuse; u_long ns_logged; u_long ns_logfail; + u_long ns_memfail; + u_long ns_badnat; nat_t **ns_table[2]; ipnat_t *ns_list; void *ns_apslist; diff -cr ip_fil3.4.2/ip_sfil.c ip_fil3.4.3/ip_sfil.c *** ip_fil3.4.2/ip_sfil.c Fri Mar 17 14:10:22 2000 --- ip_fil3.4.3/ip_sfil.c Sat May 13 17:47:26 2000 *************** *** 9,15 **** */ #if !defined(lint) static const char sccsid[] = "%W% %G% (C) 1993-2000 Darren Reed"; ! static const char rcsid[] = "@(#)$Id: ip_sfil.c,v 2.23 2000/03/17 03:10:22 darrenr Exp $"; #endif #include --- 9,15 ---- */ #if !defined(lint) static const char sccsid[] = "%W% %G% (C) 1993-2000 Darren Reed"; ! static const char rcsid[] = "@(#)$Id: ip_sfil.c,v 2.23.2.1 2000/05/13 07:47:26 darrenr Exp $"; #endif #include *************** *** 712,720 **** tcp2->th_ack = htonl(ntohl(tcp->th_seq) + tlen); tcp2->th_seq = tcp->th_ack; tcp2->th_off = sizeof(struct tcphdr) >> 2; - tcp2->th_x2 = 0; tcp2->th_flags = TH_RST|TH_ACK; - tcp2->th_win = 0; /* * This is to get around a bug in the Solaris 2.4/2.5 TCP checksum --- 712,718 ---- diff -cr ip_fil3.4.2/ip_state.c ip_fil3.4.3/ip_state.c *** ip_fil3.4.2/ip_state.c Sat Apr 29 00:56:52 2000 --- ip_fil3.4.3/ip_state.c Sat May 20 01:54:43 2000 *************** *** 7,13 **** */ #if !defined(lint) static const char sccsid[] = "@(#)ip_state.c 1.8 6/5/96 (C) 1993-2000 Darren Reed"; ! static const char rcsid[] = "@(#)$Id: ip_state.c,v 2.30.2.5 2000/04/28 14:56:52 darrenr Exp $"; #endif #include --- 7,13 ---- */ #if !defined(lint) static const char sccsid[] = "@(#)ip_state.c 1.8 6/5/96 (C) 1993-2000 Darren Reed"; ! static const char rcsid[] = "@(#)$Id: ip_state.c,v 2.30.2.8 2000/05/19 15:54:43 darrenr Exp $"; #endif #include *************** *** 287,294 **** case SIOCIPFFB : if (!(mode & FWRITE)) error = EPERM; ! else ! *(int *)data = ipflog_clear(IPL_LOGSTATE); break; #endif case SIOCGETFS : --- 287,298 ---- case SIOCIPFFB : if (!(mode & FWRITE)) error = EPERM; ! else { ! int tmp; ! ! tmp = ipflog_clear(IPL_LOGSTATE); ! IWCOPY((char *)&tmp, data, sizeof(tmp)); ! } break; #endif case SIOCGETFS : *************** *** 912,918 **** icmphdr_t *icmp; { if (v == 4) { ! if ((icmpreplytype4[is->is_type] == icmp->icmp_type) && (icmp->icmp_id == is->is_icmp.ics_id) && (icmp->icmp_seq == is->is_icmp.ics_seq)) { return 1; --- 916,927 ---- icmphdr_t *icmp; { if (v == 4) { ! /* ! * If we matched its type on the way in, then when going out ! * it will still be the same type. ! */ ! if (((icmp->icmp_type == is->is_type) || ! (icmpreplytype4[is->is_type] == icmp->icmp_type)) && (icmp->icmp_id == is->is_icmp.ics_id) && (icmp->icmp_seq == is->is_icmp.ics_seq)) { return 1; *************** *** 931,937 **** return 0; } ! frentry_t *fr_checkicmpmatchingstate(ip, fin) ip_t *ip; fr_info_t *fin; { --- 940,946 ---- return 0; } ! static frentry_t *fr_checkicmpmatchingstate(ip, fin) ip_t *ip; fr_info_t *fin; { diff -cr ip_fil3.4.2/ipl.h ip_fil3.4.3/ipl.h *** ip_fil3.4.2/ipl.h Wed May 10 08:44:13 2000 --- ip_fil3.4.3/ipl.h Sat May 20 02:05:38 2000 *************** *** 6,17 **** * to the original author and the contributors. * * @(#)ipl.h 1.21 6/5/96 ! * $Id: ipl.h,v 2.15.2.3 2000/05/09 22:44:13 darrenr Exp $ */ #ifndef __IPL_H__ #define __IPL_H__ ! #define IPL_VERSION "IP Filter: v3.4.2" #endif --- 6,17 ---- * to the original author and the contributors. * * @(#)ipl.h 1.21 6/5/96 ! * $Id: ipl.h,v 2.15.2.4 2000/05/19 16:05:38 darrenr Exp $ */ #ifndef __IPL_H__ #define __IPL_H__ ! #define IPL_VERSION "IP Filter: v3.4.3" #endif diff -cr ip_fil3.4.2/ipnat.c ip_fil3.4.3/ipnat.c *** ip_fil3.4.2/ipnat.c Sat May 6 22:02:53 2000 --- ip_fil3.4.3/ipnat.c Mon May 15 16:54:18 2000 *************** *** 57,63 **** #if !defined(lint) static const char sccsid[] ="@(#)ipnat.c 1.9 6/5/96 (C) 1993 Darren Reed"; ! static const char rcsid[] = "@(#)$Id: ipnat.c,v 2.16.2.1 2000/05/06 12:02:53 darrenr Exp $"; #endif --- 57,63 ---- #if !defined(lint) static const char sccsid[] ="@(#)ipnat.c 1.9 6/5/96 (C) 1993 Darren Reed"; ! static const char rcsid[] = "@(#)$Id: ipnat.c,v 2.16.2.2 2000/05/15 06:54:18 darrenr Exp $"; #endif *************** *** 303,308 **** --- 303,310 ---- ns.ns_mapped[0], ns.ns_mapped[1]); printf("added\t%lu\texpired\t%lu\n", ns.ns_added, ns.ns_expire); + printf("no memory\t%lu\tbad nat\t%lu\n", + ns.ns_memfail, ns.ns_badnat); printf("inuse\t%lu\nrules\t%lu\n", ns.ns_inuse, ns.ns_rules); if (opts & OPT_VERBOSE) printf("table %p list %p\n", ns.ns_table, ns.ns_list); diff -cr ip_fil3.4.2/solaris.c ip_fil3.4.3/solaris.c *** ip_fil3.4.2/solaris.c Sun Apr 30 15:03:43 2000 --- ip_fil3.4.3/solaris.c Thu May 11 22:12:51 2000 *************** *** 6,12 **** * to the original author and the contributors. */ /* #pragma ident "@(#)solaris.c 1.12 6/5/96 (C) 1995 Darren Reed"*/ ! #pragma ident "@(#)$Id: solaris.c,v 2.15.2.1 2000/04/30 05:03:43 darrenr Exp $" #include #include --- 6,12 ---- * to the original author and the contributors. */ /* #pragma ident "@(#)solaris.c 1.12 6/5/96 (C) 1995 Darren Reed"*/ ! #pragma ident "@(#)$Id: solaris.c,v 2.15.2.2 2000/05/11 12:12:51 darrenr Exp $" #include #include *************** *** 766,774 **** break; } ! if (hlen > mlen) hlen = mlen; ! else if (m->b_wptr - m->b_rptr > plen) m->b_wptr = m->b_rptr + plen; /* --- 766,779 ---- break; } ! if (hlen > mlen) { hlen = mlen; ! #if SOLARIS2 >= 8 ! } else if (sap == IP6_DL_SAP) { ! if (m->b_wptr - m->b_rptr > plen + hlen) ! m->b_wptr = m->b_rptr + plen + hlen; ! #endif ! } else if (m->b_wptr - m->b_rptr > plen) m->b_wptr = m->b_rptr + plen; /* *************** *** 844,857 **** m1 = copymsg(mb); freemsg(mb); mb = m1; - } - - if (mb->b_datap->db_ref > 1) { - mblk_t *m1; - - m1 = copymsg(mb); - freemsg(mb); - mb = m1; frstats[0].fr_copy++; } --- 849,854 ---- *************** *** 945,958 **** mb->b_prev = NULL; freemsg(mb); return 0; - } - - if (mb->b_datap->db_ref > 1) { - mblk_t *m1; - - m1 = copymsg(mb); - freemsg(mb); - mb = m1; } if (mb->b_datap->db_ref > 1) { --- 942,947 ----