Date: Thu, 14 Nov 2013 14:20:35 +0000 (UTC) From: Gleb Smirnoff <glebius@FreeBSD.org> To: src-committers@freebsd.org, svn-src-all@freebsd.org, svn-src-head@freebsd.org Subject: svn commit: r258133 - head/sys/netpfil/pf Message-ID: <201311141420.rAEEKZuC051057@svn.freebsd.org>
Author: glebius
Date: Thu Nov 14 14:20:35 2013
New Revision: 258133
URL: http://svnweb.freebsd.org/changeset/base/258133
Log:
Some fixups to pf_get_sport after r257223:
- Do not return blindly if proto isn't ICMP.
- The dport is in network order, so fix comparisons.
- Remove ridiculous htonl(arc4random()).
- Push local variable to a narrower block.
Modified: head/sys/netpfil/pf/pf_lb.c
Modified: head/sys/netpfil/pf/pf_lb.c
==============================================================================
--- head/sys/netpfil/pf/pf_lb.c Thu Nov 14 13:51:53 2013 (r258132)
+++ head/sys/netpfil/pf/pf_lb.c Thu Nov 14 14:20:35 2013 (r258133)
@@ -227,7 +227,6 @@ pf_get_sport(sa_family_t af, u_int8_t pr
 {
 struct pf_state_key_cmp key;
 struct pf_addr init_addr;
- uint16_t cut;

 bzero(&init_addr, sizeof(init_addr));
 if (pf_map_addr(af, r, saddr, naddr, &init_addr, sn))
@@ -235,21 +234,19 @@ pf_get_sport(sa_family_t af, u_int8_t pr

 switch (proto) {
 case IPPROTO_ICMP:
- if (dport != ICMP_ECHO)
+ if (dport != htons(ICMP_ECHO))
 return (0);
 low = 1;
 high = 65535;
 break;
 #ifdef INET6
 case IPPROTO_ICMPV6:
- if (dport != ICMP_ECHO)
+ if (dport != htons(ICMP6_ECHO_REQUEST))
 return (0);
 low = 1;
 high = 65535;
 break;
 #endif
- default:
- return (0); /* Don't try to modify non-echo ICMP */
 }

 bzero(&key, sizeof(key));
@@ -283,7 +280,7 @@ pf_get_sport(sa_family_t af, u_int8_t pr
 return (0);
 }
 } else {
- uint16_t tmp;
+ uint16_t tmp, cut;

 if (low > high) {
 tmp = low;
@@ -291,7 +288,7 @@ pf_get_sport(sa_family_t af, u_int8_t pr
 high = tmp;
 }
 /* low < high */
- cut = htonl(arc4random()) % (1 + high - low) + low;
+ cut = arc4random() % (1 + high - low) + low;
 /* low <= cut <= high */
 for (tmp = cut; tmp <= high; ++(tmp)) {
 key.port[1] = htons(tmp);
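Review bot: The byte-order convention behind the corrected comparisons in the `IPPROTO_ICMP` and `IPPROTO_ICMPV6` cases (hunk at -235) is still undocumented: `dport` is compared against what appears to be an ICMP message type rather than a port, and only the `htons()` wrappers hint that it arrives in network order. A comment above the switch, such as `/* For ICMP/ICMPv6, dport carries the message type in network byte order. */`, would guard against a host-order comparison creeping back in, which never matches on little-endian hosts and so fails quietly. With the `default:` arm removed, an explicit `default: break;` with a comment that other protocols keep the `low`/`high` they arrived with would make the fall-through visibly intentional. The function signature and its callers are outside the hunk, so the comment wording should be checked against them.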
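Review bot: The scan loop `for (tmp = cut; tmp <= high; ++(tmp))` in the last hunk (at -291) cannot end through its own condition when `high` is 65535, which is the value the ICMP and ICMPv6 cases assign. `tmp` is declared `uint16_t` in the `} else {` block (hunk at -283), so `++(tmp)` wraps from 65535 to 0 and `tmp <= high` stays true. Termination then depends entirely on the loop body finding an unused key; that body lies outside the hunk, so the case where every value in the range is taken should be confirmed there, along with any companion loop that scans downwards. Widening the counter removes the wrap while leaving the `low`/`high` swap intact: `uint32_t tmp;` and `uint16_t cut;` in place of `uint16_t tmp, cut;`. Separately, `arc4random() % (1 + high - low)` carries a modulo bias, which is negligible for a range of at most 65536 values but worth a short comment.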