diff -ru ip_fil3.4.31.dist/fil.c ip_fil3.4.31/fil.c --- ip_fil3.4.31.dist/fil.c Fri Dec 6 14:28:05 2002 +++ ip_fil3.4.31/fil.c Tue Dec 10 21:31:10 2002 @@ -262,6 +262,7 @@ fin->fin_plen = plen; fin->fin_dp = (char *)tcp; fin->fin_misc = 0; + fin->fin_stateid = 0; off <<= 3; switch (p) diff -ru ip_fil3.4.31.dist/ip_fil.h ip_fil3.4.31/ip_fil.h --- ip_fil3.4.31.dist/ip_fil.h Tue Oct 1 17:23:37 2002 +++ ip_fil3.4.31/ip_fil.h Wed Dec 11 10:19:31 2002 @@ -150,6 +150,7 @@ u_short fin_off; u_short fin_dlen; /* length of data portion of packet */ u_short fin_id; /* IP packet id field */ + u_32_t fin_stateid; /* State id */ u_int fin_misc; void *fin_mp; /* pointer to pointer to mbuf */ #if SOLARIS @@ -175,8 +176,14 @@ /* * For fin_misc */ -#define FM_BADSTATE 0x00000001 - +#define FM_BADEND 0x00000001 +#define FM_BADWIN 0x00000010 +#define FM_BADACKLOW 0x00000100 +#define FM_BADACKHIGH 0x00001000 +#define FM_BADTCPAGE 0x00010000 +#define FM_BADSTATE 0x00011111 +#define FM_CREATEDSTATE 0x00100000 + /* * Size for copying cache fr_info structure */ @@ -441,6 +448,8 @@ u_32_t fl_rule; u_32_t fl_group; u_32_t fl_flags; + u_32_t fl_stateid; + u_int fl_misc; u_char fl_dir; u_char fl_pad[3]; } ipflog_t; diff -ru ip_fil3.4.31.dist/ip_log.c ip_fil3.4.31/ip_log.c --- ip_fil3.4.31.dist/ip_log.c Sat Oct 26 08:21:30 2002 +++ ip_fil3.4.31/ip_log.c Tue Dec 10 21:55:04 2002 @@ -260,6 +260,8 @@ ipfl.fl_hlen = (u_char)hlen; ipfl.fl_rule = fin->fin_rule; ipfl.fl_group = fin->fin_group; + ipfl.fl_stateid = fin->fin_stateid; + ipfl.fl_misc = fin->fin_misc; if (fin->fin_fr != NULL) ipfl.fl_loglevel = fin->fin_fr->fr_loglevel; else diff -ru ip_fil3.4.31.dist/ip_state.c ip_fil3.4.31/ip_state.c --- ip_fil3.4.31.dist/ip_state.c Fri Dec 6 12:40:24 2002 +++ ip_fil3.4.31/ip_state.c Tue Dec 10 23:18:28 2002 @@ -103,6 +103,7 @@ #define TCP_CLOSE (TH_FIN|TH_RST) static ipstate_t **ips_table = NULL; +static int ips_nextid = 1; /* 0 is reserved for no state checked */ static int ips_num = 0; static int ips_wild = 0; static ips_stat_t ips_stats; @@ -575,6 +576,11 @@ is->is_hnext = ips_table[hv]; ips_table[hv] = is; ips_num++; + is->is_id = ips_nextid; + ips_nextid++; + if (!ips_nextid) /* if roll over, do not use id 0, id 0 */ + ips_nextid = 1; /* identifies packets not matched to a */ + /* state yet */ } @@ -817,6 +823,8 @@ if (pass & FR_LOGFIRST) is->is_pass &= ~(FR_LOGFIRST|FR_LOG); fr_stinsert(is); + fin->fin_stateid = is->is_id; + fin->fin_misc |= FM_CREATEDSTATE; is->is_me = stsave; if (is->is_p == IPPROTO_TCP) { fr_tcp_age(&is->is_age, is->is_state, fin, @@ -892,6 +900,7 @@ int ret = 0, off; int source; int wscale; + u_int serror = 0; /* * Find difference between last checked packet and this packet. @@ -951,12 +960,18 @@ #define SEQ_GE(a,b) ((int)((a) - (b)) >= 0) #define SEQ_GT(a,b) ((int)((a) - (b)) > 0) - if ((SEQ_GE(fdata->td_maxend, end)) && - (SEQ_GE(seq, fdata->td_end - maxwin)) && -/* XXX what about big packets */ #define MAXACKWINDOW 66000 - (ackskew >= -MAXACKWINDOW) && - (ackskew <= MAXACKWINDOW)) { + + if (!(SEQ_GE(fdata->td_maxend, end))) + serror |= FM_BADEND; + if (!(SEQ_GE(seq, fdata->td_end - maxwin))) + serror |= FM_BADWIN; + if (ackskew < -MAXACKWINDOW) + serror |= FM_BADACKLOW; + if (ackskew > MAXACKWINDOW) + serror |= FM_BADACKHIGH; + + if (!serror) { /* if ackskew < 0 then this should be due to fragented * packets. There is no way to know the length of the * total packet in advance. @@ -993,11 +1008,15 @@ ATOMIC_INCL(ips_stats.iss_hits); ret = 1; - } + } else + serror |= FM_BADTCPAGE; + } + fin->fin_stateid = is->is_id; MUTEX_EXIT(&is->is_lock); if ((ret == 0) && ((tcp->th_flags & TH_OPENING) != TH_SYN)) - fin->fin_misc |= FM_BADSTATE; + fin->fin_misc |= serror; + return ret; } @@ -1300,6 +1319,7 @@ is->is_pkts++; is->is_bytes += ip->ip_len; fr = is->is_rule; + fin->fin_stateid = is->is_id; break; } RWLOCK_EXIT(&ipf_state); @@ -1352,6 +1372,7 @@ if ((is->is_p == pr) && (is->is_v == 4) && fr_matchsrcdst(is, src, dst, &ofin, tcp)) { fr = is->is_rule; + fin->fin_stateid = is->is_id; ips_stats.iss_hits++; is->is_pkts++; is->is_bytes += fin->fin_plen; @@ -1644,6 +1665,7 @@ MUTEX_EXIT(&is->is_lock); fr = is->is_rule; fin->fin_rule = is->is_rulen; + fin->fin_stateid = is->is_id; if (fr != NULL) { fin->fin_group = fr->fr_group; fin->fin_icode = fr->fr_icode; @@ -2063,6 +2085,7 @@ ipsl.isl_p = is->is_p; ipsl.isl_v = is->is_v; ipsl.isl_flags = is->is_flags; + ipsl.isl_id = is->is_id; ipsl.isl_rulen = is->is_rulen; ipsl.isl_group = is->is_group; if (ipsl.isl_p == IPPROTO_TCP || ipsl.isl_p == IPPROTO_UDP) { @@ -2181,6 +2204,7 @@ ips_stats.iss_hits++; is->is_pkts++; is->is_bytes += fin->fin_plen; + fin->fin_stateid = is->is_id; return is->is_rule; } } @@ -2236,6 +2260,7 @@ ips_stats.iss_hits++; is->is_pkts++; is->is_bytes += fin->fin_plen; + fin->fin_stateid = is->is_id; /* * we deliberately do not touch the timeouts * for the accompanying state table entry. diff -ru ip_fil3.4.31.dist/ip_state.h ip_fil3.4.31/ip_state.h --- ip_fil3.4.31.dist/ip_state.h Thu Jun 27 16:40:29 2002 +++ ip_fil3.4.31/ip_state.h Tue Dec 10 16:06:28 2002 @@ -73,6 +73,7 @@ u_char is_fsm; /* 1 = following FSM, 0 = not */ u_char is_xxx; /* pad */ u_int is_hv; /* hash value for this in the table */ + u_32_t is_id; /* state id */ u_32_t is_rulen; /* rule number */ u_32_t is_flags; /* flags for this structure */ u_32_t is_opt; /* packet options set */ @@ -148,6 +149,7 @@ u_char isl_p; u_char isl_flags; u_char isl_state[2]; + u_32_t isl_id; u_32_t isl_rulen; u_32_t isl_group; } ipslog_t; diff -ru ip_fil3.4.31.dist/ipmon.c ip_fil3.4.31/ipmon.c --- ip_fil3.4.31.dist/ipmon.c Fri Dec 6 12:40:26 2002 +++ ip_fil3.4.31/ipmon.c Tue Dec 10 23:29:14 2002 @@ -773,6 +773,9 @@ sprintf(t, "Type: %d ", sl->isl_type); t += strlen(t); + sprintf(t, "[%u] ", sl->isl_id); + t += strlen(t); + proto = getproto(sl->isl_p); if (sl->isl_p == IPPROTO_TCP || sl->isl_p == IPPROTO_UDP) { @@ -1142,6 +1145,40 @@ else if (ipf->fl_dir == 1) strcpy(t, " OUT"); t += strlen(t); + + if (ipf->fl_stateid) { + (void) sprintf(t, " state [%u]", ipf->fl_stateid); + t += strlen(t); + } + if (ipf->fl_misc & FM_CREATEDSTATE) { + (void) strcpy(t, " created"); + t += strlen(t); + } + if (ipf->fl_misc & FM_BADSTATE) { + (void) strcpy(t, " bad:"); + t += strlen(t); + } + if (ipf->fl_misc & FM_BADEND) { + (void) strcpy(t, "E"); + t += strlen(t); + } + if (ipf->fl_misc & FM_BADWIN) { + (void) strcpy(t, "W"); + t += strlen(t); + } + if (ipf->fl_misc & FM_BADACKLOW) { + (void) strcpy(t, "L"); + t += strlen(t); + } + if (ipf->fl_misc & FM_BADACKHIGH) { + (void) strcpy(t, "H"); + t += strlen(t); + } + if (ipf->fl_misc & FM_BADTCPAGE) { + (void) strcpy(t, "A"); + t += strlen(t); + } + printipflog: *t++ = '\n'; *t++ = '\0'; diff -ru ip_fil3.4.31.dist/printstate.c ip_fil3.4.31/printstate.c --- ip_fil3.4.31.dist/printstate.c Fri Dec 6 12:40:28 2002 +++ ip_fil3.4.31/printstate.c Tue Dec 10 22:35:08 2002 @@ -37,10 +37,10 @@ return NULL; PRINTF("%s -> ", hostname(ips.is_v, &ips.is_src.in4)); - PRINTF("%s ttl %ld pass %#x pr %d state %d/%d\n", + PRINTF("%s ttl %ld pass %#x pr %d state %d/%d id %d\n", hostname(ips.is_v, &ips.is_dst.in4), ips.is_age, ips.is_pass, ips.is_p, - ips.is_state[0], ips.is_state[1]); + ips.is_state[0], ips.is_state[1], ips.is_id); #ifdef USE_QUAD_T PRINTF("\tpkts %qu bytes %qu", (unsigned long long) ips.is_pkts, (unsigned long long) ips.is_bytes); .