mirror/freebsd
1
0
Fork 0
mirror of https://git.FreeBSD.org/src.git synced 2024-12-16 10:20:30 +00:00
Code Issues Releases Activity

Reject rules which try to mix ports with incompatible protocols.

Browse Source
This commit is contained in:
Alexander Langer 1996-06-29 03:33:20 +00:00
parent 209396df73
commit 32fb6c089b
Notes: svn2git 2020-12-20 02:59:44 +00:00 
svn path=/head/; revision=16827
1 changed files with 11 additions and 1 deletions
Show Stats Download Patch File Download Diff File Expand all files Collapse all files

12
sys/netinet/ip_fw.c
View File

@ -12,7 +12,7 @@
*
* This software is provided ``AS IS'' without any warranties of any kind.
*
* $Id: ip_fw.c,v 1.41 1996/06/23 14:28:02 bde Exp $
* $Id: ip_fw.c,v 1.42 1996/06/25 00:22:20 alex Exp $
*/
/*
@ -633,6 +633,16 @@ check_ipfw_struct(struct mbuf *m)
return (NULL);
}
/*
* ICMP and ALL protocols don't check port ranges
*/
if ((frwl->fw_flg & IP_FW_F_KIND) != IP_FW_F_TCP &&
(frwl->fw_flg & IP_FW_F_KIND) != IP_FW_F_UDP &&
(frwl->fw_nsp || frwl->fw_ndp)) {
dprintf(("ip_fw_ctl: invalid protocol/port combination\n"));
return(NULL);
}
/*
* Rather than modify the entry to make such entries work,
* we reject this rule and require user level utilities