From owner-freebsd-net Fri Oct 27 7:57: 0 2000 Delivered-To: freebsd-net@freebsd.org Received: from whale.sunbay.crimea.ua (whale.sunbay.crimea.ua [212.110.138.65]) by hub.freebsd.org (Postfix) with ESMTP id 452C937B479 for ; Fri, 27 Oct 2000 07:56:53 -0700 (PDT) Received: (from ru@localhost) by whale.sunbay.crimea.ua (8.11.0/8.11.0) id e9REu7640085; Fri, 27 Oct 2000 17:56:07 +0300 (EEST) (envelope-from ru) Date: Fri, 27 Oct 2000 17:56:06 +0300 From: Ruslan Ermilov To: Darren Reed , Darren Reed Cc: net@FreeBSD.org Subject: Re: [CFR] IPFILTER patch Message-ID: <20001027175606.A39062@sunbay.com> Mail-Followup-To: Darren Reed , Darren Reed , net@FreeBSD.org References: <20001027170933.A36523@sunbay.com> <200010271431.BAA19966@avalon.reed.wattle.id.au> Mime-Version: 1.0 Content-Type: text/plain; charset=us-ascii Content-Disposition: inline User-Agent: Mutt/1.2.5i In-Reply-To: <200010271431.BAA19966@avalon.reed.wattle.id.au>; from darrenr@reed.wattle.id.au on Sat, Oct 28, 2000 at 01:31:23AM +1100 Sender: owner-freebsd-net@FreeBSD.ORG Precedence: bulk X-Loop: FreeBSD.org On Sat, Oct 28, 2000 at 01:31:23AM +1100, Darren Reed wrote: > In some email I received from Ruslan Ermilov, sie wrote: > > Hi! > > > > As we discussed yesterday, here are the patches to IPFILTER > > that are needed for my upcoming "byte-swapping elimination" > > patch. Sorry, it took a bit more than an hour... > > Hmm, there are some problems with this. > > In some cases, off is being put into an int (should always be > a u_short) > Huh, the only such a case I see is inside fr_makefrip(), and is easily fixed by: --- fil.c 2000/10/26 12:33:42 1.21 +++ fil.c 2000/10/27 14:50:40 @@ -204,8 +204,8 @@ int hlen; ip_t *ip; fr_info_t *fin; { - u_short optmsk = 0, secmsk = 0, auth = 0; - int i, mv, ol, off, p, plen, v; + u_short optmsk = 0, secmsk = 0, auth = 0, off; + int i, mv, ol, p, plen, v; fr_ip_t *fi = &fin->fin_fi; struct optlist *op; u_char *s, opt; > but of more concern is that you're treating fin_off > as both a byte address (you shift it left three times) and as > the eight byte offset it actually is in the packet. > Umm, not exactly. They are really EQUIVALENT for zero/non-zero tests. If the offset is zero, then offset*8 is also zero, and vice versa. As for the ip_frag.c code, I have explicitly stated that it now stores offsets of fragments in bytes (previously was in octets). So this should not be a problem. -- Ruslan Ermilov Oracle Developer/DBA, ru@sunbay.com Sunbay Software AG, ru@FreeBSD.org FreeBSD committer, +380.652.512.251 Simferopol, Ukraine http://www.FreeBSD.org The Power To Serve http://www.oracle.com Enabling The Information Age To Unsubscribe: send mail to majordomo@FreeBSD.org with "unsubscribe freebsd-net" in the body of the message