CVS commit: [netbsd-6] src/sys/net/npf
Module Name:src Committed By: martin Date: Thu May 17 13:45:15 UTC 2018 Modified Files: src/sys/net/npf [netbsd-6]: npf_alg_icmp.c npf_inet.c Log Message: Pull up following revision(s) via patch (requested by maxv in ticket #1549): sys/net/npf/npf_inet.c: revision 1.45 sys/net/npf/npf_alg_icmp.c: revision 1.27,1.28 Fix use-after-free. The nbuf can be reallocated as a result of caching 'enpc', so it is necessary to recache 'npc', otherwise it contains pointers to the freed mbuf - pointers which are then used in the ruleset machinery. We recache 'npc' when we are sure we won't use 'enpc' anymore, because 'enpc' can be clobbered as a result of caching 'npc' (in other words, only one of the two can be cached at the same time). Also, we recache 'npc' unconditionally, because there is no way to know whether the nbuf got clobbered relatively to it. We can't use the NBUF_DATAREF_RESET flag, because it is stored in the nbuf and not in the cache. Discussed with rmind@. Change npf_cache_all so that it ensures the potential ICMP Query Id is in the nbuf. In such a way that we don't need to ensure that later. Change npfa_icmp4_inspect and npfa_icmp6_inspect so that they touch neither the nbuf nor npc. Adapt their callers accordingly. In the end, if a packet has a Query Id, we set NPC_ICMP_ID in npc and leave right away, without recaching npc (not needed since we didn't touch the nbuf). This fixes the handling of Query Id packets (that I broke in my previous commit), and also fixes another possible use-after-free. To generate a diff of this commit: cvs rdiff -u -r1.8.4.7 -r1.8.4.8 src/sys/net/npf/npf_alg_icmp.c cvs rdiff -u -r1.10.4.10 -r1.10.4.11 src/sys/net/npf/npf_inet.c Please note that diffs are not public domain; they are subject to the copyright notices on the relevant files.
CVS commit: [netbsd-6] src/sys/net/npf
Module Name:src
Committed By: martin
Date: Thu May 17 13:45:15 UTC 2018
Modified Files:
src/sys/net/npf [netbsd-6]: npf_alg_icmp.c npf_inet.c
Log Message:
Pull up following revision(s) via patch (requested by maxv in ticket #1549):
sys/net/npf/npf_inet.c: revision 1.45
sys/net/npf/npf_alg_icmp.c: revision 1.27,1.28
Fix use-after-free.
The nbuf can be reallocated as a result of caching 'enpc', so it is
necessary to recache 'npc', otherwise it contains pointers to the freed
mbuf - pointers which are then used in the ruleset machinery.
We recache 'npc' when we are sure we won't use 'enpc' anymore, because
'enpc' can be clobbered as a result of caching 'npc' (in other words,
only one of the two can be cached at the same time).
Also, we recache 'npc' unconditionally, because there is no way to know
whether the nbuf got clobbered relatively to it. We can't use the
NBUF_DATAREF_RESET flag, because it is stored in the nbuf and not in the
cache.
Discussed with rmind@.
Change npf_cache_all so that it ensures the potential ICMP Query Id is in
the nbuf. In such a way that we don't need to ensure that later.
Change npfa_icmp4_inspect and npfa_icmp6_inspect so that they touch neither
the nbuf nor npc. Adapt their callers accordingly.
In the end, if a packet has a Query Id, we set NPC_ICMP_ID in npc and leave
right away, without recaching npc (not needed since we didn't touch the
nbuf).
This fixes the handling of Query Id packets (that I broke in my previous
commit), and also fixes another possible use-after-free.
To generate a diff of this commit:
cvs rdiff -u -r1.8.4.7 -r1.8.4.8 src/sys/net/npf/npf_alg_icmp.c
cvs rdiff -u -r1.10.4.10 -r1.10.4.11 src/sys/net/npf/npf_inet.c
Please note that diffs are not public domain; they are subject to the
copyright notices on the relevant files.
Modified files:
Index: src/sys/net/npf/npf_alg_icmp.c
diff -u src/sys/net/npf/npf_alg_icmp.c:1.8.4.7 src/sys/net/npf/npf_alg_icmp.c:1.8.4.8
--- src/sys/net/npf/npf_alg_icmp.c:1.8.4.7 Mon Feb 11 21:49:49 2013
+++ src/sys/net/npf/npf_alg_icmp.c Thu May 17 13:45:15 2018
@@ -1,4 +1,4 @@
-/* $NetBSD: npf_alg_icmp.c,v 1.8.4.7 2013/02/11 21:49:49 riz Exp $ */
+/* $NetBSD: npf_alg_icmp.c,v 1.8.4.8 2018/05/17 13:45:15 martin Exp $ */
/*-
* Copyright (c) 2010 The NetBSD Foundation, Inc.
@@ -34,7 +34,7 @@
*/
#include
-__KERNEL_RCSID(0, "$NetBSD: npf_alg_icmp.c,v 1.8.4.7 2013/02/11 21:49:49 riz Exp $");
+__KERNEL_RCSID(0, "$NetBSD: npf_alg_icmp.c,v 1.8.4.8 2018/05/17 13:45:15 martin Exp $");
#include
#include
@@ -162,12 +162,14 @@ npfa_icmp_match(npf_cache_t *npc, nbuf_t
/*
* npfa_icmp{4,6}_inspect: retrieve unique identifiers - either ICMP query
* ID or TCP/UDP ports of the original packet, which is embedded.
+ *
+ * => Sets hasqid=true if the packet has a Query Id. In this case neither
+ *the nbuf nor npc is touched.
*/
static bool
-npfa_icmp4_inspect(const int type, npf_cache_t *npc, nbuf_t *nbuf)
+npfa_icmp4_inspect(const int type, npf_cache_t *npc, nbuf_t *nbuf, bool *hasqid)
{
- u_int offby;
/* Per RFC 792. */
switch (type) {
@@ -191,12 +193,8 @@ npfa_icmp4_inspect(const int type, npf_c
case ICMP_TSTAMPREPLY:
case ICMP_IREQ:
case ICMP_IREQREPLY:
- /* Should contain ICMP query ID - ensure. */
- offby = offsetof(struct icmp, icmp_id);
- if (!nbuf_advance(nbuf, offby, sizeof(uint16_t))) {
- return false;
- }
- npc->npc_info |= NPC_ICMP_ID;
+ /* Contains ICMP query ID. */
+ *hasqid = true;
return true;
default:
break;
@@ -205,9 +203,8 @@ npfa_icmp4_inspect(const int type, npf_c
}
static bool
-npfa_icmp6_inspect(const int type, npf_cache_t *npc, nbuf_t *nbuf)
+npfa_icmp6_inspect(const int type, npf_cache_t *npc, nbuf_t *nbuf, bool *hasqid)
{
- u_int offby;
/* Per RFC 4443. */
switch (type) {
@@ -226,12 +223,8 @@ npfa_icmp6_inspect(const int type, npf_c
case ICMP6_ECHO_REQUEST:
case ICMP6_ECHO_REPLY:
- /* Should contain ICMP query ID - ensure. */
- offby = offsetof(struct icmp6_hdr, icmp6_id);
- if (!nbuf_advance(nbuf, offby, sizeof(uint16_t))) {
- return false;
- }
- npc->npc_info |= NPC_ICMP_ID;
+ /* Contains ICMP query ID. */
+ *hasqid = true;
return true;
default:
break;
@@ -242,12 +235,12 @@ npfa_icmp6_inspect(const int type, npf_c
/*
* npfa_icmp_session: ALG ICMP inspector.
*
- * => Returns true if "enpc" is filled.
+ * => Returns false if there is a problem with the format.
*/
static bool
npfa_icmp_inspect(npf_cache_t *npc, nbuf_t *nbuf, npf_cache_t *enpc)
{
- bool ret;
+ bool ret, hasqid = false;
KASSERT(npf_iscached(npc, NPC_IP46));
KASSERT(npf_iscached(npc, NPC_ICMP));
@@ -265,10 +258,10 @@ npfa_icmp_inspect(npf_cache_t *npc, nbuf
*/
if (npf_iscached(npc, NPC_IP4)) {
const struct icmp *ic = npc->npc_l4.icmp;
- ret = npfa_icmp4_inspect(ic->icmp_type, enpc, nbuf);
+ ret = npfa_icmp4_inspect(ic->icmp_type, enpc, nbuf, );
} else if (npf_iscached(npc, NPC_IP6)) {
const
CVS commit: [netbsd-6] src/sys/net/npf
Module Name:src Committed By: martin Date: Thu Apr 5 11:34:17 UTC 2018 Modified Files: src/sys/net/npf [netbsd-6]: npf.h Log Message: Pullup the following revision, requested by maxv in ticket #1542: sys/net/npf/npf.h 1.55 Fix a vulnerability in NPF, that allows whatever incoming IPv6 packet to bypass a certain number of filtering rules. Basically there is an integer overflow in npf_cache_ip: npc_hlen is a 8bit unsigned int, and can wrap to zero if the IPv6 packet being processed has large extensions. As a result of an overflow, (mbuf + npc_hlen) won't point at the real protocol header, but instead at some garbage within the packet. That garbage, is what NPF applies its rules on. If these filtering rules allow the packet to enter, that packet is given to the main IPv6 entry point. This entry point, however, is not subject to an integer overflow, so it will actually parse the correct protocol header. The result is: NPF read a wrong header, allowed the packet to enter, the kernel read the correct header, and delivered the packet depending on this correct header. So the offending packet was supposed to be kicked, but still went through the firewall. Simple example, a packet with: packet + 0 = IP6 Header packet + 40 = IP6 Routing header (ip6r_len = 31) packet + 48 = Crafted UDP header (uh_dport = ) packet + 296 = IP6 Dest header (ip6e_len = 0) packet + 304 = Real UDP header (uh_dport = ) Will bypass a rule of the kind "block port ". Here NPF reads the crafted UDP header, sees , lets the packet in; later the kernel reads the real UDP header, and delivers it on port . Fix this by using uint32_t. While here, it seems to me there is also a memory overflow: still in npf_cache_ip, npc_hlen may be incremented with a value that goes beyond the mbuf. To generate a diff of this commit: cvs rdiff -u -r1.14.2.12 -r1.14.2.13 src/sys/net/npf/npf.h Please note that diffs are not public domain; they are subject to the copyright notices on the relevant files.
CVS commit: [netbsd-6] src/sys/net/npf
Module Name:src
Committed By: martin
Date: Thu Apr 5 11:34:17 UTC 2018
Modified Files:
src/sys/net/npf [netbsd-6]: npf.h
Log Message:
Pullup the following revision, requested by maxv in ticket #1542:
sys/net/npf/npf.h 1.55
Fix a vulnerability in NPF, that allows whatever incoming IPv6 packet to
bypass a certain number of filtering rules.
Basically there is an integer overflow in npf_cache_ip: npc_hlen is a
8bit unsigned int, and can wrap to zero if the IPv6 packet being processed
has large extensions.
As a result of an overflow, (mbuf + npc_hlen) won't point at the real
protocol header, but instead at some garbage within the packet. That
garbage, is what NPF applies its rules on.
If these filtering rules allow the packet to enter, that packet is given
to the main IPv6 entry point. This entry point, however, is not subject to
an integer overflow, so it will actually parse the correct protocol header.
The result is: NPF read a wrong header, allowed the packet to enter, the
kernel read the correct header, and delivered the packet depending on this
correct header. So the offending packet was supposed to be kicked, but
still went through the firewall.
Simple example, a packet with:
packet + 0 = IP6 Header
packet + 40 = IP6 Routing header (ip6r_len = 31)
packet + 48 = Crafted UDP header (uh_dport = )
packet + 296 = IP6 Dest header (ip6e_len = 0)
packet + 304 = Real UDP header (uh_dport = )
Will bypass a rule of the kind "block port ". Here NPF reads the
crafted UDP header, sees , lets the packet in; later the kernel reads
the real UDP header, and delivers it on port .
Fix this by using uint32_t. While here, it seems to me there is also a
memory overflow: still in npf_cache_ip, npc_hlen may be incremented with
a value that goes beyond the mbuf.
To generate a diff of this commit:
cvs rdiff -u -r1.14.2.12 -r1.14.2.13 src/sys/net/npf/npf.h
Please note that diffs are not public domain; they are subject to the
copyright notices on the relevant files.
Modified files:
Index: src/sys/net/npf/npf.h
diff -u src/sys/net/npf/npf.h:1.14.2.12 src/sys/net/npf/npf.h:1.14.2.13
--- src/sys/net/npf/npf.h:1.14.2.12 Mon Feb 11 21:49:49 2013
+++ src/sys/net/npf/npf.h Thu Apr 5 11:34:17 2018
@@ -1,4 +1,4 @@
-/* $NetBSD: npf.h,v 1.14.2.12 2013/02/11 21:49:49 riz Exp $ */
+/* $NetBSD: npf.h,v 1.14.2.13 2018/04/05 11:34:17 martin Exp $ */
/*-
* Copyright (c) 2009-2013 The NetBSD Foundation, Inc.
@@ -99,7 +99,7 @@ typedef struct {
npf_addr_t * npc_dstip;
/* Size (v4 or v6) of IP addresses. */
uint8_t npc_alen;
- uint8_t npc_hlen;
+ uint32_t npc_hlen;
uint16_t npc_proto;
/* IPv4, IPv6. */
union {
CVS commit: [netbsd-6] src/sys/net
Module Name:src Committed By: snj Date: Sun Feb 5 05:48:00 UTC 2017 Modified Files: src/sys/net [netbsd-6]: if_arcsubr.c if_ecosubr.c if_ethersubr.c if_fddisubr.c if_tokensubr.c Log Message: Pull up following revision(s) (requested by maxv in ticket #1429): sys/net/if_arcsubr.c: revision 1.76 via patch sys/net/if_ecosubr.c: revision 1.50 via patch sys/net/if_ethersubr.c: revision 1.236 via patch sys/net/if_fddisubr.c: revision 1.104 via patch sys/net/if_tokensubr.c: revision 1.80 via patch Don't forget to free the mbuf when we decide not to reply to an ARP request. This obviously is a terrible bug, since it allows a remote sender to DoS the system with specially-crafted requests sent in a loop. To generate a diff of this commit: cvs rdiff -u -r1.63.14.1 -r1.63.14.2 src/sys/net/if_arcsubr.c cvs rdiff -u -r1.36.4.1 -r1.36.4.2 src/sys/net/if_ecosubr.c cvs rdiff -u -r1.188.8.4 -r1.188.8.5 src/sys/net/if_ethersubr.c cvs rdiff -u -r1.81.14.1 -r1.81.14.2 src/sys/net/if_fddisubr.c cvs rdiff -u -r1.61 -r1.61.8.1 src/sys/net/if_tokensubr.c Please note that diffs are not public domain; they are subject to the copyright notices on the relevant files.
CVS commit: [netbsd-6] src/sys/net
Module Name:src
Committed By: snj
Date: Sun Feb 5 05:48:00 UTC 2017
Modified Files:
src/sys/net [netbsd-6]: if_arcsubr.c if_ecosubr.c if_ethersubr.c
if_fddisubr.c if_tokensubr.c
Log Message:
Pull up following revision(s) (requested by maxv in ticket #1429):
sys/net/if_arcsubr.c: revision 1.76 via patch
sys/net/if_ecosubr.c: revision 1.50 via patch
sys/net/if_ethersubr.c: revision 1.236 via patch
sys/net/if_fddisubr.c: revision 1.104 via patch
sys/net/if_tokensubr.c: revision 1.80 via patch
Don't forget to free the mbuf when we decide not to reply to an ARP
request. This obviously is a terrible bug, since it allows a remote sender
to DoS the system with specially-crafted requests sent in a loop.
To generate a diff of this commit:
cvs rdiff -u -r1.63.14.1 -r1.63.14.2 src/sys/net/if_arcsubr.c
cvs rdiff -u -r1.36.4.1 -r1.36.4.2 src/sys/net/if_ecosubr.c
cvs rdiff -u -r1.188.8.4 -r1.188.8.5 src/sys/net/if_ethersubr.c
cvs rdiff -u -r1.81.14.1 -r1.81.14.2 src/sys/net/if_fddisubr.c
cvs rdiff -u -r1.61 -r1.61.8.1 src/sys/net/if_tokensubr.c
Please note that diffs are not public domain; they are subject to the
copyright notices on the relevant files.
Modified files:
Index: src/sys/net/if_arcsubr.c
diff -u src/sys/net/if_arcsubr.c:1.63.14.1 src/sys/net/if_arcsubr.c:1.63.14.2
--- src/sys/net/if_arcsubr.c:1.63.14.1 Tue Oct 23 16:19:47 2012
+++ src/sys/net/if_arcsubr.c Sun Feb 5 05:48:00 2017
@@ -1,4 +1,4 @@
-/* $NetBSD: if_arcsubr.c,v 1.63.14.1 2012/10/23 16:19:47 riz Exp $ */
+/* $NetBSD: if_arcsubr.c,v 1.63.14.2 2017/02/05 05:48:00 snj Exp $ */
/*
* Copyright (c) 1994, 1995 Ignatios Souvatzis
@@ -35,7 +35,7 @@
*/
#include
-__KERNEL_RCSID(0, "$NetBSD: if_arcsubr.c,v 1.63.14.1 2012/10/23 16:19:47 riz Exp $");
+__KERNEL_RCSID(0, "$NetBSD: if_arcsubr.c,v 1.63.14.2 2017/02/05 05:48:00 snj Exp $");
#include "opt_inet.h"
@@ -196,8 +196,10 @@ arc_output(struct ifnet *ifp, struct mbu
adst = arcbroadcastaddr;
else {
uint8_t *tha = ar_tha(arph);
- if (tha == NULL)
+ if (tha == NULL) {
+m_freem(m);
return 0;
+ }
adst = *tha;
}
Index: src/sys/net/if_ecosubr.c
diff -u src/sys/net/if_ecosubr.c:1.36.4.1 src/sys/net/if_ecosubr.c:1.36.4.2
--- src/sys/net/if_ecosubr.c:1.36.4.1 Sun Dec 7 15:09:32 2014
+++ src/sys/net/if_ecosubr.c Sun Feb 5 05:48:00 2017
@@ -1,4 +1,4 @@
-/* $NetBSD: if_ecosubr.c,v 1.36.4.1 2014/12/07 15:09:32 martin Exp $ */
+/* $NetBSD: if_ecosubr.c,v 1.36.4.2 2017/02/05 05:48:00 snj Exp $ */
/*-
* Copyright (c) 2001 Ben Harris
@@ -58,7 +58,7 @@
*/
#include
-__KERNEL_RCSID(0, "$NetBSD: if_ecosubr.c,v 1.36.4.1 2014/12/07 15:09:32 martin Exp $");
+__KERNEL_RCSID(0, "$NetBSD: if_ecosubr.c,v 1.36.4.2 2017/02/05 05:48:00 snj Exp $");
#include "opt_inet.h"
#include "opt_pfil_hooks.h"
@@ -242,8 +242,10 @@ eco_output(struct ifnet *ifp, struct mbu
case AF_ARP:
ah = mtod(m, struct arphdr *);
- if (ntohs(ah->ar_pro) != ETHERTYPE_IP)
- return EAFNOSUPPORT;
+ if (ntohs(ah->ar_pro) != ETHERTYPE_IP) {
+ error = EAFNOSUPPORT;
+ goto bad;
+ }
ehdr.eco_port = ECO_PORT_IP;
switch (ntohs(ah->ar_op)) {
case ARPOP_REQUEST:
@@ -253,7 +255,8 @@ eco_output(struct ifnet *ifp, struct mbu
ehdr.eco_control = ECO_CTL_ARP_REPLY;
break;
default:
- return EOPNOTSUPP;
+ error = EOPNOTSUPP;
+ goto bad;
}
if (m->m_flags & M_BCAST)
@@ -261,8 +264,10 @@ eco_output(struct ifnet *ifp, struct mbu
ECO_ADDR_LEN);
else {
tha = ar_tha(ah);
- if (tha == NULL)
+ if (tha == NULL) {
+m_freem(m);
return 0;
+ }
memcpy(ehdr.eco_dhost, tha, ECO_ADDR_LEN);
}
Index: src/sys/net/if_ethersubr.c
diff -u src/sys/net/if_ethersubr.c:1.188.8.4 src/sys/net/if_ethersubr.c:1.188.8.5
--- src/sys/net/if_ethersubr.c:1.188.8.4 Tue Jun 3 15:34:00 2014
+++ src/sys/net/if_ethersubr.c Sun Feb 5 05:48:00 2017
@@ -1,4 +1,4 @@
-/* $NetBSD: if_ethersubr.c,v 1.188.8.4 2014/06/03 15:34:00 msaitoh Exp $ */
+/* $NetBSD: if_ethersubr.c,v 1.188.8.5 2017/02/05 05:48:00 snj Exp $ */
/*
* Copyright (C) 1995, 1996, 1997, and 1998 WIDE Project.
@@ -61,7 +61,7 @@
*/
#include
-__KERNEL_RCSID(0, "$NetBSD: if_ethersubr.c,v 1.188.8.4 2014/06/03 15:34:00 msaitoh Exp $");
+__KERNEL_RCSID(0, "$NetBSD: if_ethersubr.c,v 1.188.8.5 2017/02/05 05:48:00 snj Exp $");
#include "opt_inet.h"
#include "opt_atalk.h"
@@ -307,6 +307,7 @@ ether_output(struct ifnet * const ifp0,
if (tha == NULL) {
/* fake with ARPHDR_IEEE1394 */
+m_freem(m);
return 0;
}
memcpy(edst, tha, sizeof(edst));
Index: src/sys/net/if_fddisubr.c
diff -u src/sys/net/if_fddisubr.c:1.81.14.1 src/sys/net/if_fddisubr.c:1.81.14.2
--- src/sys/net/if_fddisubr.c:1.81.14.1 Wed Oct 31 16:07:46 2012
+++ src/sys/net/if_fddisubr.c Sun Feb 5 05:48:00 2017
@@ -1,4 +1,4 @@
-/* $NetBSD: if_fddisubr.c,v 1.81.14.1 2012/10/31 16:07:46 riz Exp $ */
+/* $NetBSD: if_fddisubr.c,v 1.81.14.2
CVS commit: [netbsd-6] src/sys/net
Module Name:src Committed By: bouyer Date: Sun Nov 15 21:04:53 UTC 2015 Modified Files: src/sys/net [netbsd-6]: if_gif.c Log Message: Pull up following revision(s) (requested by knakahara in ticket #1344): sys/net/if_gif.c: revision 1.89 sys/net/if_gif.c: revision 1.90 CID 980463: Provide common error path for rollback. Remove extra check for success. correct mistake in previous To generate a diff of this commit: cvs rdiff -u -r1.80.8.1 -r1.80.8.2 src/sys/net/if_gif.c Please note that diffs are not public domain; they are subject to the copyright notices on the relevant files.
CVS commit: [netbsd-6] src/sys/net
Module Name:src Committed By: bouyer Date: Sun Nov 15 21:09:37 UTC 2015 Modified Files: src/sys/net [netbsd-6]: if_gif.c Log Message: Pull up following revision(s) (requested by knakahara in ticket #1345): sys/net/if_gif.c: revision 1.91 sys/net/if_gif.c: revision 1.92 fix panic after "ifconfig gifX tunnel src dst" failed for the reason of address pair duplication. e.g. # ifconfig gif0 create # ifconfig gif0 tunnel 192.168.0.1 192.168.0.2 # ifconfig gif0 inet 172.16.0.1/24 172.16.0.2 # route add 10.1.0.0/24 172.16.0.1 # ifconfig gif1 create # ifconfig gif1 tunnel 192.168.0.1 192.168.0.3 # ifconfig gif0 tunnel 192.168.0.1 192.168.0.3 ifconfig: SIOCSLIFPHYADDR: Can't assign requested address # expected # ping 10.1.0.1 (panic) fix CID 980463 To generate a diff of this commit: cvs rdiff -u -r1.80.8.2 -r1.80.8.3 src/sys/net/if_gif.c Please note that diffs are not public domain; they are subject to the copyright notices on the relevant files.
CVS commit: [netbsd-6] src/sys/net
Module Name:src
Committed By: bouyer
Date: Sun Nov 15 21:04:53 UTC 2015
Modified Files:
src/sys/net [netbsd-6]: if_gif.c
Log Message:
Pull up following revision(s) (requested by knakahara in ticket #1344):
sys/net/if_gif.c: revision 1.89
sys/net/if_gif.c: revision 1.90
CID 980463: Provide common error path for rollback. Remove extra check for
success.
correct mistake in previous
To generate a diff of this commit:
cvs rdiff -u -r1.80.8.1 -r1.80.8.2 src/sys/net/if_gif.c
Please note that diffs are not public domain; they are subject to the
copyright notices on the relevant files.
Modified files:
Index: src/sys/net/if_gif.c
diff -u src/sys/net/if_gif.c:1.80.8.1 src/sys/net/if_gif.c:1.80.8.2
--- src/sys/net/if_gif.c:1.80.8.1 Fri Feb 8 20:42:51 2013
+++ src/sys/net/if_gif.c Sun Nov 15 21:04:53 2015
@@ -1,4 +1,4 @@
-/* $NetBSD: if_gif.c,v 1.80.8.1 2013/02/08 20:42:51 riz Exp $ */
+/* $NetBSD: if_gif.c,v 1.80.8.2 2015/11/15 21:04:53 bouyer Exp $ */
/* $KAME: if_gif.c,v 1.76 2001/08/20 02:01:02 kjc Exp $ */
/*
@@ -31,7 +31,7 @@
*/
#include
-__KERNEL_RCSID(0, "$NetBSD: if_gif.c,v 1.80.8.1 2013/02/08 20:42:51 riz Exp $");
+__KERNEL_RCSID(0, "$NetBSD: if_gif.c,v 1.80.8.2 2015/11/15 21:04:53 bouyer Exp $");
#include "opt_inet.h"
#include "opt_iso.h"
@@ -743,17 +743,24 @@ gif_set_tunnel(struct ifnet *ifp, struct
#endif
}
+ osrc = sc->gif_psrc;
+ odst = sc->gif_pdst;
+ sc->gif_psrc = sc->gif_pdst = NULL;
sc->gif_si = softint_establish(SOFTINT_NET, gifintr, sc);
if (sc->gif_si == NULL) {
error = ENOMEM;
- goto bad;
+ goto rollback;
}
- osrc = sc->gif_psrc;
- sc->gif_psrc = sockaddr_dup(src, M_WAITOK);
+ if ((sc->gif_psrc = sockaddr_dup(src, M_WAITOK)) == NULL) {
+ error = ENOMEM;
+ goto rollback;
+ }
- odst = sc->gif_pdst;
- sc->gif_pdst = sockaddr_dup(dst, M_WAITOK);
+ if ((sc->gif_pdst = sockaddr_dup(dst, M_WAITOK)) == NULL) {
+ error = ENOMEM;
+ goto rollback;
+ }
switch (sc->gif_psrc->sa_family) {
#ifdef INET
@@ -770,33 +777,32 @@ gif_set_tunnel(struct ifnet *ifp, struct
error = EINVAL;
break;
}
- if (error) {
- /* rollback */
- sockaddr_free(sc->gif_psrc);
- sockaddr_free(sc->gif_pdst);
- sc->gif_psrc = osrc;
- sc->gif_pdst = odst;
- goto bad;
- }
+ if (error)
+ goto rollback;
if (osrc)
sockaddr_free(osrc);
if (odst)
sockaddr_free(odst);
- if (sc->gif_psrc && sc->gif_pdst)
- ifp->if_flags |= IFF_RUNNING;
- else
- ifp->if_flags &= ~IFF_RUNNING;
+ ifp->if_flags |= IFF_RUNNING;
splx(s);
return 0;
- bad:
+rollback:
+ if (sc->gif_psrc != NULL)
+ sockaddr_free(sc->gif_psrc);
+ if (sc->gif_pdst != NULL)
+ sockaddr_free(sc->gif_pdst);
+ sc->gif_psrc = osrc;
+ sc->gif_pdst = odst;
+bad:
if (sc->gif_si) {
softint_disestablish(sc->gif_si);
sc->gif_si = NULL;
}
+
if (sc->gif_psrc && sc->gif_pdst)
ifp->if_flags |= IFF_RUNNING;
else
CVS commit: [netbsd-6] src/sys/net
Module Name:src
Committed By: bouyer
Date: Sun Nov 15 21:09:37 UTC 2015
Modified Files:
src/sys/net [netbsd-6]: if_gif.c
Log Message:
Pull up following revision(s) (requested by knakahara in ticket #1345):
sys/net/if_gif.c: revision 1.91
sys/net/if_gif.c: revision 1.92
fix panic after "ifconfig gifX tunnel src dst" failed for the reason of address
pair duplication.
e.g.
# ifconfig gif0 create
# ifconfig gif0 tunnel 192.168.0.1 192.168.0.2
# ifconfig gif0 inet 172.16.0.1/24 172.16.0.2
# route add 10.1.0.0/24 172.16.0.1
# ifconfig gif1 create
# ifconfig gif1 tunnel 192.168.0.1 192.168.0.3
# ifconfig gif0 tunnel 192.168.0.1 192.168.0.3
ifconfig: SIOCSLIFPHYADDR: Can't assign requested address # expected
# ping 10.1.0.1
(panic)
fix CID 980463
To generate a diff of this commit:
cvs rdiff -u -r1.80.8.2 -r1.80.8.3 src/sys/net/if_gif.c
Please note that diffs are not public domain; they are subject to the
copyright notices on the relevant files.
Modified files:
Index: src/sys/net/if_gif.c
diff -u src/sys/net/if_gif.c:1.80.8.2 src/sys/net/if_gif.c:1.80.8.3
--- src/sys/net/if_gif.c:1.80.8.2 Sun Nov 15 21:04:53 2015
+++ src/sys/net/if_gif.c Sun Nov 15 21:09:37 2015
@@ -1,4 +1,4 @@
-/* $NetBSD: if_gif.c,v 1.80.8.2 2015/11/15 21:04:53 bouyer Exp $ */
+/* $NetBSD: if_gif.c,v 1.80.8.3 2015/11/15 21:09:37 bouyer Exp $ */
/* $KAME: if_gif.c,v 1.76 2001/08/20 02:01:02 kjc Exp $ */
/*
@@ -31,7 +31,7 @@
*/
#include
-__KERNEL_RCSID(0, "$NetBSD: if_gif.c,v 1.80.8.2 2015/11/15 21:04:53 bouyer Exp $");
+__KERNEL_RCSID(0, "$NetBSD: if_gif.c,v 1.80.8.3 2015/11/15 21:09:37 bouyer Exp $");
#include "opt_inet.h"
#include "opt_iso.h"
@@ -717,7 +717,8 @@ gif_set_tunnel(struct ifnet *ifp, struct
if (sockaddr_cmp(sc2->gif_pdst, dst) == 0 &&
sockaddr_cmp(sc2->gif_psrc, src) == 0) {
error = EADDRNOTAVAIL;
- goto bad;
+ /* continue to use the old configureation. */
+ goto out;
}
/* XXX both end must be valid? (I mean, not 0.0.0.0) */
@@ -785,10 +786,8 @@ gif_set_tunnel(struct ifnet *ifp, struct
if (odst)
sockaddr_free(odst);
- ifp->if_flags |= IFF_RUNNING;
- splx(s);
-
- return 0;
+ error = 0;
+ goto out;
rollback:
if (sc->gif_psrc != NULL)
@@ -797,18 +796,19 @@ rollback:
sockaddr_free(sc->gif_pdst);
sc->gif_psrc = osrc;
sc->gif_pdst = odst;
-bad:
+
if (sc->gif_si) {
softint_disestablish(sc->gif_si);
sc->gif_si = NULL;
}
+out:
if (sc->gif_psrc && sc->gif_pdst)
ifp->if_flags |= IFF_RUNNING;
else
ifp->if_flags &= ~IFF_RUNNING;
- splx(s);
+ splx(s);
return error;
}
CVS commit: [netbsd-6] src/sys/net
Module Name:src Committed By: msaitoh Date: Fri Apr 24 05:56:42 UTC 2015 Modified Files: src/sys/net [netbsd-6]: if_vlan.c Log Message: Pull up following revision(s) (requested by ozaki-r in ticket #1295): sys/net/if_vlan.c: revision 1.81 Count up parent's obytes and omcasts counters PR kern/49837 To generate a diff of this commit: cvs rdiff -u -r1.69.8.3 -r1.69.8.4 src/sys/net/if_vlan.c Please note that diffs are not public domain; they are subject to the copyright notices on the relevant files. Modified files: Index: src/sys/net/if_vlan.c diff -u src/sys/net/if_vlan.c:1.69.8.3 src/sys/net/if_vlan.c:1.69.8.4 --- src/sys/net/if_vlan.c:1.69.8.3 Thu Apr 16 09:27:32 2015 +++ src/sys/net/if_vlan.c Fri Apr 24 05:56:42 2015 @@ -1,4 +1,4 @@ -/* $NetBSD: if_vlan.c,v 1.69.8.3 2015/04/16 09:27:32 msaitoh Exp $ */ +/* $NetBSD: if_vlan.c,v 1.69.8.4 2015/04/24 05:56:42 msaitoh Exp $ */ /*- * Copyright (c) 2000, 2001 The NetBSD Foundation, Inc. @@ -78,7 +78,7 @@ */ #include sys/cdefs.h -__KERNEL_RCSID(0, $NetBSD: if_vlan.c,v 1.69.8.3 2015/04/16 09:27:32 msaitoh Exp $); +__KERNEL_RCSID(0, $NetBSD: if_vlan.c,v 1.69.8.4 2015/04/24 05:56:42 msaitoh Exp $); #include opt_inet.h @@ -821,6 +821,10 @@ vlan_start(struct ifnet *ifp) } ifp-if_opackets++; + + p-if_obytes += m-m_pkthdr.len; + if (m-m_flags M_MCAST) + p-if_omcasts++; if ((p-if_flags (IFF_RUNNING|IFF_OACTIVE)) == IFF_RUNNING) (*p-if_start)(p); }
CVS commit: [netbsd-6] src/sys/net
Module Name:src Committed By: msaitoh Date: Fri Apr 24 05:56:42 UTC 2015 Modified Files: src/sys/net [netbsd-6]: if_vlan.c Log Message: Pull up following revision(s) (requested by ozaki-r in ticket #1295): sys/net/if_vlan.c: revision 1.81 Count up parent's obytes and omcasts counters PR kern/49837 To generate a diff of this commit: cvs rdiff -u -r1.69.8.3 -r1.69.8.4 src/sys/net/if_vlan.c Please note that diffs are not public domain; they are subject to the copyright notices on the relevant files.
CVS commit: [netbsd-6] src/sys/net
Module Name:src
Committed By: snj
Date: Thu Apr 16 06:27:34 UTC 2015
Modified Files:
src/sys/net [netbsd-6]: if.h
Log Message:
Pull up following revision(s) (requested by msaitoh in ticket #1289):
sys/net/if.h: revision 1.186
Use 1000ULL to prevent integer overflow (for IF_Gbps(10)). Same as OpenBSD.
To generate a diff of this commit:
cvs rdiff -u -r1.154 -r1.154.8.1 src/sys/net/if.h
Please note that diffs are not public domain; they are subject to the
copyright notices on the relevant files.
Modified files:
Index: src/sys/net/if.h
diff -u src/sys/net/if.h:1.154 src/sys/net/if.h:1.154.8.1
--- src/sys/net/if.h:1.154 Tue Oct 25 22:26:18 2011
+++ src/sys/net/if.h Thu Apr 16 06:27:33 2015
@@ -1,4 +1,4 @@
-/* $NetBSD: if.h,v 1.154 2011/10/25 22:26:18 dyoung Exp $ */
+/* $NetBSD: if.h,v 1.154.8.1 2015/04/16 06:27:33 snj Exp $ */
/*-
* Copyright (c) 1999, 2000, 2001 The NetBSD Foundation, Inc.
@@ -381,11 +381,10 @@ typedef struct ifnet {
/*
* Some convenience macros used for setting ifi_baudrate.
- * XXX 1000 vs. 1024? --thor...@netbsd.org
*/
-#define IF_Kbps(x) ((x) * 1000) /* kilobits/sec. */
-#define IF_Mbps(x) (IF_Kbps((x) * 1000)) /* megabits/sec. */
-#define IF_Gbps(x) (IF_Mbps((x) * 1000)) /* gigabits/sec. */
+#define IF_Kbps(x) ((x) * 1000ULL) /* kilobits/sec. */
+#define IF_Mbps(x) (IF_Kbps((x) * 1000ULL)) /* megabits/sec. */
+#define IF_Gbps(x) (IF_Mbps((x) * 1000ULL)) /* gigabits/sec. */
/* Capabilities that interfaces can advertise. */
#define IFCAP_TSOv4 0x00080 /* can do TCPv4 segmentation offload */
CVS commit: [netbsd-6] src/sys/net
Module Name:src Committed By: snj Date: Thu Apr 16 06:27:34 UTC 2015 Modified Files: src/sys/net [netbsd-6]: if.h Log Message: Pull up following revision(s) (requested by msaitoh in ticket #1289): sys/net/if.h: revision 1.186 Use 1000ULL to prevent integer overflow (for IF_Gbps(10)). Same as OpenBSD. To generate a diff of this commit: cvs rdiff -u -r1.154 -r1.154.8.1 src/sys/net/if.h Please note that diffs are not public domain; they are subject to the copyright notices on the relevant files.
CVS commit: [netbsd-6] src/sys/net
Module Name:src
Committed By: msaitoh
Date: Thu Apr 16 09:27:32 UTC 2015
Modified Files:
src/sys/net [netbsd-6]: if_vlan.c
Log Message:
Pull up following revision(s) (requested by ozaki-r in ticket #1286):
sys/net/if_vlan.c: revision 1.80
Correct frame padding length
vlan pads a frame with zeros up to 68 bytes
(ETHER_MIN_LEN + ETHER_VLAN_ENCAP_LEN). It expects
that even if the frame is untagged, it keeps 64 bytes
at least. However, it lacks concern about CRC
(4 bytes). So a sending frame can be 72 (68 + 4) bytes.
PR 49788
To generate a diff of this commit:
cvs rdiff -u -r1.69.8.2 -r1.69.8.3 src/sys/net/if_vlan.c
Please note that diffs are not public domain; they are subject to the
copyright notices on the relevant files.
Modified files:
Index: src/sys/net/if_vlan.c
diff -u src/sys/net/if_vlan.c:1.69.8.2 src/sys/net/if_vlan.c:1.69.8.3
--- src/sys/net/if_vlan.c:1.69.8.2 Mon Nov 3 20:38:09 2014
+++ src/sys/net/if_vlan.c Thu Apr 16 09:27:32 2015
@@ -1,4 +1,4 @@
-/* $NetBSD: if_vlan.c,v 1.69.8.2 2014/11/03 20:38:09 msaitoh Exp $ */
+/* $NetBSD: if_vlan.c,v 1.69.8.3 2015/04/16 09:27:32 msaitoh Exp $ */
/*-
* Copyright (c) 2000, 2001 The NetBSD Foundation, Inc.
@@ -78,7 +78,7 @@
*/
#include sys/cdefs.h
-__KERNEL_RCSID(0, $NetBSD: if_vlan.c,v 1.69.8.2 2014/11/03 20:38:09 msaitoh Exp $);
+__KERNEL_RCSID(0, $NetBSD: if_vlan.c,v 1.69.8.3 2015/04/16 09:27:32 msaitoh Exp $);
#include opt_inet.h
@@ -791,9 +791,10 @@ vlan_start(struct ifnet *ifp)
* after deleting a tag.
*/
if (m-m_pkthdr.len
-(ETHER_MIN_LEN + ETHER_VLAN_ENCAP_LEN)) {
+(ETHER_MIN_LEN - ETHER_CRC_LEN +
+ ETHER_VLAN_ENCAP_LEN)) {
m_copyback(m, m-m_pkthdr.len,
- (ETHER_MIN_LEN +
+ (ETHER_MIN_LEN - ETHER_CRC_LEN +
ETHER_VLAN_ENCAP_LEN) -
m-m_pkthdr.len,
vlan_zero_pad_buff);
CVS commit: [netbsd-6] src/sys/net
Module Name:src Committed By: msaitoh Date: Thu Apr 16 09:27:32 UTC 2015 Modified Files: src/sys/net [netbsd-6]: if_vlan.c Log Message: Pull up following revision(s) (requested by ozaki-r in ticket #1286): sys/net/if_vlan.c: revision 1.80 Correct frame padding length vlan pads a frame with zeros up to 68 bytes (ETHER_MIN_LEN + ETHER_VLAN_ENCAP_LEN). It expects that even if the frame is untagged, it keeps 64 bytes at least. However, it lacks concern about CRC (4 bytes). So a sending frame can be 72 (68 + 4) bytes. PR 49788 To generate a diff of this commit: cvs rdiff -u -r1.69.8.2 -r1.69.8.3 src/sys/net/if_vlan.c Please note that diffs are not public domain; they are subject to the copyright notices on the relevant files.
CVS commit: [netbsd-6] src/sys/net
Module Name:src Committed By: msaitoh Date: Thu Aug 7 09:39:55 UTC 2014 Modified Files: src/sys/net [netbsd-6]: link_proto.c Log Message: Pull up following revision(s) (requested by ozaki-r in ticket #1103): sys/net/link_proto.crevision 1.17 Don't assume if_init is always set. if_init may be NULL, e.g., if_vlan. PR kern/48997. To generate a diff of this commit: cvs rdiff -u -r1.7 -r1.7.8.1 src/sys/net/link_proto.c Please note that diffs are not public domain; they are subject to the copyright notices on the relevant files. Modified files: Index: src/sys/net/link_proto.c diff -u src/sys/net/link_proto.c:1.7 src/sys/net/link_proto.c:1.7.8.1 --- src/sys/net/link_proto.c:1.7 Fri Oct 7 16:34:31 2011 +++ src/sys/net/link_proto.c Thu Aug 7 09:39:55 2014 @@ -1,4 +1,4 @@ -/* $NetBSD: link_proto.c,v 1.7 2011/10/07 16:34:31 dyoung Exp $ */ +/* $NetBSD: link_proto.c,v 1.7.8.1 2014/08/07 09:39:55 msaitoh Exp $ */ /*- * Copyright (c) 1982, 1986, 1993 @@ -32,7 +32,7 @@ */ #include sys/cdefs.h -__KERNEL_RCSID(0, $NetBSD: link_proto.c,v 1.7 2011/10/07 16:34:31 dyoung Exp $); +__KERNEL_RCSID(0, $NetBSD: link_proto.c,v 1.7.8.1 2014/08/07 09:39:55 msaitoh Exp $); #include sys/param.h #include sys/socket.h @@ -197,7 +197,8 @@ link_control(struct socket *so, unsigned splx(s); if (error != ENETRESET) return error; - else if ((ifp-if_flags IFF_RUNNING) != 0) + else if ((ifp-if_flags IFF_RUNNING) != 0 + ifp-if_init != NULL) return (*ifp-if_init)(ifp); else return 0;
CVS commit: [netbsd-6] src/sys/net
Module Name:src Committed By: msaitoh Date: Thu Aug 7 09:39:55 UTC 2014 Modified Files: src/sys/net [netbsd-6]: link_proto.c Log Message: Pull up following revision(s) (requested by ozaki-r in ticket #1103): sys/net/link_proto.crevision 1.17 Don't assume if_init is always set. if_init may be NULL, e.g., if_vlan. PR kern/48997. To generate a diff of this commit: cvs rdiff -u -r1.7 -r1.7.8.1 src/sys/net/link_proto.c Please note that diffs are not public domain; they are subject to the copyright notices on the relevant files.
CVS commit: [netbsd-6] src/sys/net
Module Name:src Committed By: msaitoh Date: Tue Jun 3 15:13:30 UTC 2014 Modified Files: src/sys/net [netbsd-6]: if_tap.c Log Message: Pull up following revision(s) (requested by cube in ticket #1071): sys/net/if_tap.c1.76 Prevent a race between tap_dev_poll() and tap_start() by making sure the call to selrecord() happens at splnet(). Fixes kern/47506 and kern/46199. To generate a diff of this commit: cvs rdiff -u -r1.66 -r1.66.14.1 src/sys/net/if_tap.c Please note that diffs are not public domain; they are subject to the copyright notices on the relevant files. Modified files: Index: src/sys/net/if_tap.c diff -u src/sys/net/if_tap.c:1.66 src/sys/net/if_tap.c:1.66.14.1 --- src/sys/net/if_tap.c:1.66 Mon Nov 22 21:31:51 2010 +++ src/sys/net/if_tap.c Tue Jun 3 15:13:30 2014 @@ -1,4 +1,4 @@ -/* $NetBSD: if_tap.c,v 1.66 2010/11/22 21:31:51 christos Exp $ */ +/* $NetBSD: if_tap.c,v 1.66.14.1 2014/06/03 15:13:30 msaitoh Exp $ */ /* * Copyright (c) 2003, 2004, 2008, 2009 The NetBSD Foundation. @@ -33,7 +33,7 @@ */ #include sys/cdefs.h -__KERNEL_RCSID(0, $NetBSD: if_tap.c,v 1.66 2010/11/22 21:31:51 christos Exp $); +__KERNEL_RCSID(0, $NetBSD: if_tap.c,v 1.66.14.1 2014/06/03 15:13:30 msaitoh Exp $); #if defined(_KERNEL_OPT) @@ -1164,7 +1164,6 @@ tap_dev_poll(int unit, int events, struc s = splnet(); IFQ_POLL(ifp-if_snd, m); - splx(s); if (m != NULL) revents |= events (POLLIN|POLLRDNORM); @@ -1173,6 +1172,7 @@ tap_dev_poll(int unit, int events, struc selrecord(l, sc-sc_rsel); simple_unlock(sc-sc_kqlock); } + splx(s); } revents |= events (POLLOUT|POLLWRNORM);
CVS commit: [netbsd-6] src/sys/net
Module Name:src Committed By: msaitoh Date: Tue Jun 3 15:13:30 UTC 2014 Modified Files: src/sys/net [netbsd-6]: if_tap.c Log Message: Pull up following revision(s) (requested by cube in ticket #1071): sys/net/if_tap.c1.76 Prevent a race between tap_dev_poll() and tap_start() by making sure the call to selrecord() happens at splnet(). Fixes kern/47506 and kern/46199. To generate a diff of this commit: cvs rdiff -u -r1.66 -r1.66.14.1 src/sys/net/if_tap.c Please note that diffs are not public domain; they are subject to the copyright notices on the relevant files.
CVS commit: [netbsd-6] src/sys/net/npf
Module Name:src
Committed By: bouyer
Date: Sun Nov 17 19:16:58 UTC 2013
Modified Files:
src/sys/net/npf [netbsd-6]: npf_impl.h npf_nat.c npf_session.c
Log Message:
Pull up following revision(s) (requested by rmind in ticket #985):
sys/net/npf/npf_impl.h: revision 1.35
sys/net/npf/npf_nat.c: revision 1.21
sys/net/npf/npf_session.c: revision 1.26
npf_session_setnat: fix the race condition when the old connection is still
being expired while a new/duplicate is being created.
To generate a diff of this commit:
cvs rdiff -u -r1.10.2.14 -r1.10.2.15 src/sys/net/npf/npf_impl.h
cvs rdiff -u -r1.10.2.8 -r1.10.2.9 src/sys/net/npf/npf_nat.c
cvs rdiff -u -r1.10.4.9 -r1.10.4.10 src/sys/net/npf/npf_session.c
Please note that diffs are not public domain; they are subject to the
copyright notices on the relevant files.
Modified files:
Index: src/sys/net/npf/npf_impl.h
diff -u src/sys/net/npf/npf_impl.h:1.10.2.14 src/sys/net/npf/npf_impl.h:1.10.2.15
--- src/sys/net/npf/npf_impl.h:1.10.2.14 Mon Feb 18 18:26:14 2013
+++ src/sys/net/npf/npf_impl.h Sun Nov 17 19:16:57 2013
@@ -1,4 +1,4 @@
-/* $NetBSD: npf_impl.h,v 1.10.2.14 2013/02/18 18:26:14 riz Exp $ */
+/* $NetBSD: npf_impl.h,v 1.10.2.15 2013/11/17 19:16:57 bouyer Exp $ */
/*-
* Copyright (c) 2009-2013 The NetBSD Foundation, Inc.
@@ -285,7 +285,7 @@ void npf_session_release(npf_session_t
void npf_session_expire(npf_session_t *);
bool npf_session_pass(const npf_session_t *, npf_rproc_t **);
void npf_session_setpass(npf_session_t *, npf_rproc_t *);
-int npf_session_setnat(npf_session_t *, npf_nat_t *, const int);
+int npf_session_setnat(npf_session_t *, npf_nat_t *, u_int);
npf_nat_t * npf_session_retnat(npf_session_t *, const int, bool *);
int npf_session_save(prop_array_t, prop_array_t);
Index: src/sys/net/npf/npf_nat.c
diff -u src/sys/net/npf/npf_nat.c:1.10.2.8 src/sys/net/npf/npf_nat.c:1.10.2.9
--- src/sys/net/npf/npf_nat.c:1.10.2.8 Mon Feb 11 21:49:49 2013
+++ src/sys/net/npf/npf_nat.c Sun Nov 17 19:16:57 2013
@@ -1,4 +1,4 @@
-/* $NetBSD: npf_nat.c,v 1.10.2.8 2013/02/11 21:49:49 riz Exp $ */
+/* $NetBSD: npf_nat.c,v 1.10.2.9 2013/11/17 19:16:57 bouyer Exp $ */
/*-
* Copyright (c) 2010-2013 The NetBSD Foundation, Inc.
@@ -76,7 +76,7 @@
*/
#include sys/cdefs.h
-__KERNEL_RCSID(0, $NetBSD: npf_nat.c,v 1.10.2.8 2013/02/11 21:49:49 riz Exp $);
+__KERNEL_RCSID(0, $NetBSD: npf_nat.c,v 1.10.2.9 2013/11/17 19:16:57 bouyer Exp $);
#include sys/param.h
#include sys/types.h
@@ -676,7 +676,7 @@ translate:
* Note: packet now has a translated address in the cache.
*/
nt-nt_session = se;
- error = npf_session_setnat(se, nt, di);
+ error = npf_session_setnat(se, nt, np-n_type);
out:
if (error) {
/* If session was for NAT only - expire it. */
Index: src/sys/net/npf/npf_session.c
diff -u src/sys/net/npf/npf_session.c:1.10.4.9 src/sys/net/npf/npf_session.c:1.10.4.10
--- src/sys/net/npf/npf_session.c:1.10.4.9 Mon Feb 11 21:49:49 2013
+++ src/sys/net/npf/npf_session.c Sun Nov 17 19:16:58 2013
@@ -1,4 +1,4 @@
-/* $NetBSD: npf_session.c,v 1.10.4.9 2013/02/11 21:49:49 riz Exp $ */
+/* $NetBSD: npf_session.c,v 1.10.4.10 2013/11/17 19:16:58 bouyer Exp $ */
/*-
* Copyright (c) 2010-2012 The NetBSD Foundation, Inc.
@@ -80,7 +80,7 @@
*/
#include sys/cdefs.h
-__KERNEL_RCSID(0, $NetBSD: npf_session.c,v 1.10.4.9 2013/02/11 21:49:49 riz Exp $);
+__KERNEL_RCSID(0, $NetBSD: npf_session.c,v 1.10.4.10 2013/11/17 19:16:58 bouyer Exp $);
#include sys/param.h
#include sys/types.h
@@ -140,7 +140,7 @@ struct npf_session {
uint16_t if_idx;
} s_common_id;
/* Flags and the protocol state. */
- int s_flags;
+ u_int s_flags;
npf_state_t s_state;
/* Association of rule procedure data. */
npf_rproc_t * s_rproc;
@@ -163,18 +163,20 @@ struct npf_sehash {
};
/*
- * Session flags:
- * - PFIL_IN and PFIL_OUT values are reserved for direction.
- * - SE_ACTIVE: session is active i.e. visible on inspection.
- * - SE_PASS: a pass session.
- * - SE_EXPIRE: explicitly expire the session.
- * - SE_REMOVING: session is being removed (indicate need to enter G/C list).
+ * Session flags: PFIL_IN and PFIL_OUT values are reserved for direction.
*/
CTASSERT(PFIL_ALL == (0x001 | 0x002));
-#define SE_ACTIVE 0x004
-#define SE_PASS 0x008
-#define SE_EXPIRE 0x010
-#define SE_REMOVING 0x020
+#define SE_ACTIVE 0x004 /* visible on inspection */
+#define SE_PASS 0x008 /* perform implicit passing */
+#define SE_EXPIRE 0x010 /* explicitly expire */
+
+/*
+ * Flags to indicate removal of forwards/backwards session entries or
+ * completion of session removal itself (i.e. both entries).
+ */
+#define SE_REMFORW 0x020
+#define SE_REMBACK 0x040
+#define SE_REMOVED (SE_REMFORW | SE_REMBACK)
/*
* Session tracking state: disabled (off), enabled (on) or flush request.
@@ -466,7 +468,7 @@ npf_session_lookup(const npf_cache_t *np
npf_sentry_t senkey, *sen;
npf_session_t *se;
CVS commit: [netbsd-6] src/sys/net/npf
Module Name:src Committed By: bouyer Date: Sun Nov 17 19:16:58 UTC 2013 Modified Files: src/sys/net/npf [netbsd-6]: npf_impl.h npf_nat.c npf_session.c Log Message: Pull up following revision(s) (requested by rmind in ticket #985): sys/net/npf/npf_impl.h: revision 1.35 sys/net/npf/npf_nat.c: revision 1.21 sys/net/npf/npf_session.c: revision 1.26 npf_session_setnat: fix the race condition when the old connection is still being expired while a new/duplicate is being created. To generate a diff of this commit: cvs rdiff -u -r1.10.2.14 -r1.10.2.15 src/sys/net/npf/npf_impl.h cvs rdiff -u -r1.10.2.8 -r1.10.2.9 src/sys/net/npf/npf_nat.c cvs rdiff -u -r1.10.4.9 -r1.10.4.10 src/sys/net/npf/npf_session.c Please note that diffs are not public domain; they are subject to the copyright notices on the relevant files.
CVS commit: [netbsd-6] src/sys/net/npf
Module Name:src
Committed By: riz
Date: Sun Sep 22 17:29:05 UTC 2013
Modified Files:
src/sys/net/npf [netbsd-6]: npf_ctl.c
Log Message:
Pull up following revision(s) (requested by rmind in ticket #952):
sys/net/npf/npf_ctl.c: revision 1.27
npfctl_rule: fixes for the dynamic rules.
To generate a diff of this commit:
cvs rdiff -u -r1.12.2.9 -r1.12.2.10 src/sys/net/npf/npf_ctl.c
Please note that diffs are not public domain; they are subject to the
copyright notices on the relevant files.
Modified files:
Index: src/sys/net/npf/npf_ctl.c
diff -u src/sys/net/npf/npf_ctl.c:1.12.2.9 src/sys/net/npf/npf_ctl.c:1.12.2.10
--- src/sys/net/npf/npf_ctl.c:1.12.2.9 Mon Feb 18 18:26:14 2013
+++ src/sys/net/npf/npf_ctl.c Sun Sep 22 17:29:05 2013
@@ -1,4 +1,4 @@
-/* $NetBSD: npf_ctl.c,v 1.12.2.9 2013/02/18 18:26:14 riz Exp $ */
+/* $NetBSD: npf_ctl.c,v 1.12.2.10 2013/09/22 17:29:05 riz Exp $ */
/*-
* Copyright (c) 2009-2013 The NetBSD Foundation, Inc.
@@ -37,7 +37,7 @@
*/
#include sys/cdefs.h
-__KERNEL_RCSID(0, $NetBSD: npf_ctl.c,v 1.12.2.9 2013/02/18 18:26:14 riz Exp $);
+__KERNEL_RCSID(0, $NetBSD: npf_ctl.c,v 1.12.2.10 2013/09/22 17:29:05 riz Exp $);
#include sys/param.h
#include sys/conf.h
@@ -244,7 +244,7 @@ npf_mk_code(prop_object_t obj, int type,
}
break;
case NPF_CODE_BPF:
- if (!bpf_validate(cptr, clen)) {
+ if (!bpf_validate(cptr, clen / sizeof(struct bpf_insn))) {
return EINVAL;
}
break;
@@ -550,14 +550,16 @@ npfctl_rule(u_long cmd, void *data)
prop_dictionary_get_uint32(npf_rule, command, rcmd);
if (!prop_dictionary_get_cstring_nocopy(npf_rule,
ruleset-name, ruleset_name)) {
- return EINVAL;
+ error = EINVAL;
+ goto out;
}
if (rcmd == NPF_CMD_RULE_ADD) {
- if ((rl = npf_rule_alloc(npf_rule)) == NULL) {
- return EINVAL;
- }
retdict = prop_dictionary_create();
+ if (npf_mk_singlerule(npf_rule, NULL, rl, retdict) != 0) {
+ error = EINVAL;
+ goto out;
+ }
}
npf_config_enter();
@@ -618,6 +620,7 @@ npfctl_rule(u_long cmd, void *data)
if (rl) {
npf_rule_free(rl);
}
+out:
if (retdict) {
prop_object_release(npf_rule);
prop_dictionary_copyout_ioctl(pref, cmd, retdict);
CVS commit: [netbsd-6] src/sys/net/npf
Module Name:src Committed By: riz Date: Sun Sep 22 17:29:05 UTC 2013 Modified Files: src/sys/net/npf [netbsd-6]: npf_ctl.c Log Message: Pull up following revision(s) (requested by rmind in ticket #952): sys/net/npf/npf_ctl.c: revision 1.27 npfctl_rule: fixes for the dynamic rules. To generate a diff of this commit: cvs rdiff -u -r1.12.2.9 -r1.12.2.10 src/sys/net/npf/npf_ctl.c Please note that diffs are not public domain; they are subject to the copyright notices on the relevant files.
CVS commit: [netbsd-6] src/sys/net/npf
Module Name:src
Committed By: msaitoh
Date: Fri Sep 13 04:12:54 UTC 2013
Modified Files:
src/sys/net/npf [netbsd-6]: npf_inet.c
Log Message:
Pull up following revision (requested by riz in ticket #942):
/sys/net/npf/npf_inet.crevision 1.23
Fix bugs to prevent panic:
- npf_cache_ip: re-fetch IPv6 header since nbufs might have been reallocated.
- npf_cache_all: clear NBUF_DATAREF_RESET since npf_cache_ip() handles it.
To generate a diff of this commit:
cvs rdiff -u -r1.10.4.9 -r1.10.4.10 src/sys/net/npf/npf_inet.c
Please note that diffs are not public domain; they are subject to the
copyright notices on the relevant files.
Modified files:
Index: src/sys/net/npf/npf_inet.c
diff -u src/sys/net/npf/npf_inet.c:1.10.4.9 src/sys/net/npf/npf_inet.c:1.10.4.10
--- src/sys/net/npf/npf_inet.c:1.10.4.9 Mon Feb 11 21:49:49 2013
+++ src/sys/net/npf/npf_inet.c Fri Sep 13 04:12:54 2013
@@ -1,4 +1,4 @@
-/* $NetBSD: npf_inet.c,v 1.10.4.9 2013/02/11 21:49:49 riz Exp $ */
+/* $NetBSD: npf_inet.c,v 1.10.4.10 2013/09/13 04:12:54 msaitoh Exp $ */
/*-
* Copyright (c) 2009-2012 The NetBSD Foundation, Inc.
@@ -39,7 +39,7 @@
*/
#include sys/cdefs.h
-__KERNEL_RCSID(0, $NetBSD: npf_inet.c,v 1.10.4.9 2013/02/11 21:49:49 riz Exp $);
+__KERNEL_RCSID(0, $NetBSD: npf_inet.c,v 1.10.4.10 2013/09/13 04:12:54 msaitoh Exp $);
#include sys/param.h
#include sys/types.h
@@ -391,8 +391,12 @@ npf_cache_ip(npf_cache_t *npc, nbuf_t *n
npc-npc_hlen += hlen;
}
- /* Restore the offset. */
+ /*
+ * Re-fetch the header pointers (nbufs might have been
+ * reallocated). Restore the original offset (if any).
+ */
nbuf_reset(nbuf);
+ ip6 = nbuf_dataptr(nbuf);
if (off) {
nbuf_advance(nbuf, off, 0);
}
@@ -437,6 +441,7 @@ again:
*/
flags = npf_cache_ip(npc, nbuf);
if ((flags NPC_IP46) == 0 || (flags NPC_IPFRAG) != 0) {
+ nbuf_unset_flag(nbuf, NBUF_DATAREF_RESET);
npc-npc_info |= flags;
return flags;
}
CVS commit: [netbsd-6] src/sys/net/npf
Module Name:src Committed By: msaitoh Date: Fri Sep 13 04:12:54 UTC 2013 Modified Files: src/sys/net/npf [netbsd-6]: npf_inet.c Log Message: Pull up following revision (requested by riz in ticket #942): /sys/net/npf/npf_inet.crevision 1.23 Fix bugs to prevent panic: - npf_cache_ip: re-fetch IPv6 header since nbufs might have been reallocated. - npf_cache_all: clear NBUF_DATAREF_RESET since npf_cache_ip() handles it. To generate a diff of this commit: cvs rdiff -u -r1.10.4.9 -r1.10.4.10 src/sys/net/npf/npf_inet.c Please note that diffs are not public domain; they are subject to the copyright notices on the relevant files.
CVS commit: [netbsd-6] src/sys/net
Module Name:src
Committed By: msaitoh
Date: Wed Sep 11 03:54:35 UTC 2013
Modified Files:
src/sys/net [netbsd-6]: bpf.c
Log Message:
Pull up following revision(s) (requested by spz in ticket #941):
sys/net/bpf.c: revision 1.176
PR/48198: Peter Bex: Avoid kernel panic caused by setting a very small bpf
buffer size.
To generate a diff of this commit:
cvs rdiff -u -r1.168 -r1.168.2.1 src/sys/net/bpf.c
Please note that diffs are not public domain; they are subject to the
copyright notices on the relevant files.
Modified files:
Index: src/sys/net/bpf.c
diff -u src/sys/net/bpf.c:1.168 src/sys/net/bpf.c:1.168.2.1
--- src/sys/net/bpf.c:1.168 Fri Dec 16 03:05:23 2011
+++ src/sys/net/bpf.c Wed Sep 11 03:54:35 2013
@@ -1,4 +1,4 @@
-/* $NetBSD: bpf.c,v 1.168 2011/12/16 03:05:23 christos Exp $ */
+/* $NetBSD: bpf.c,v 1.168.2.1 2013/09/11 03:54:35 msaitoh Exp $ */
/*
* Copyright (c) 1990, 1991, 1993
@@ -39,7 +39,7 @@
*/
#include sys/cdefs.h
-__KERNEL_RCSID(0, $NetBSD: bpf.c,v 1.168 2011/12/16 03:05:23 christos Exp $);
+__KERNEL_RCSID(0, $NetBSD: bpf.c,v 1.168.2.1 2013/09/11 03:54:35 msaitoh Exp $);
#if defined(_KERNEL_OPT)
#include opt_bpf.h
@@ -1560,11 +1560,8 @@ static void
catchpacket(struct bpf_d *d, u_char *pkt, u_int pktlen, u_int snaplen,
void *(*cpfn)(void *, const void *, size_t), struct timespec *ts)
{
- struct bpf_hdr *hp;
-#ifdef _LP64
- struct bpf_hdr32 *hp32;
-#endif
- int totlen, curlen;
+ char *h;
+ int totlen, curlen, caplen;
int hdrlen = bpf_hdrlen(d);
int do_wakeup = 0;
@@ -1579,6 +1576,13 @@ catchpacket(struct bpf_d *d, u_char *pkt
totlen = hdrlen + min(snaplen, pktlen);
if (totlen d-bd_bufsize)
totlen = d-bd_bufsize;
+ /*
+ * If we adjusted totlen to fit the bufsize, it could be that
+ * totlen is smaller than hdrlen because of the link layer header.
+ */
+ caplen = totlen - hdrlen;
+ if (caplen 0)
+ caplen = 0;
/*
* Round up the end of the previous packet to the next longword.
@@ -1619,33 +1623,34 @@ catchpacket(struct bpf_d *d, u_char *pkt
/*
* Append the bpf header.
*/
+ h = (char *)d-bd_sbuf + curlen;
#ifdef _LP64
if (d-bd_compat32) {
- hp32 = (struct bpf_hdr32 *)((char *)d-bd_sbuf + curlen);
+ struct bpf_hdr32 *hp32;
+
+ hp32 = (struct bpf_hdr32 *)h;
hp32-bh_tstamp.tv_sec = ts-tv_sec;
hp32-bh_tstamp.tv_usec = ts-tv_nsec / 1000;
hp32-bh_datalen = pktlen;
hp32-bh_hdrlen = hdrlen;
- /*
- * Copy the packet data into the store buffer and update its length.
- */
- (*cpfn)((u_char *)hp32 + hdrlen, pkt,
- (hp32-bh_caplen = totlen - hdrlen));
+ hp32-bh_caplen = caplen;
} else
#endif
{
- hp = (struct bpf_hdr *)((char *)d-bd_sbuf + curlen);
+ struct bpf_hdr *hp;
+
+ hp = (struct bpf_hdr *)h;
hp-bh_tstamp.tv_sec = ts-tv_sec;
hp-bh_tstamp.tv_usec = ts-tv_nsec / 1000;
hp-bh_datalen = pktlen;
hp-bh_hdrlen = hdrlen;
- /*
- * Copy the packet data into the store buffer and update
- * its length.
- */
- (*cpfn)((u_char *)hp + hdrlen, pkt,
- (hp-bh_caplen = totlen - hdrlen));
+ hp-bh_caplen = caplen;
}
+
+ /*
+ * Copy the packet data into the store buffer and update its length.
+ */
+ (*cpfn)(h + hdrlen, pkt, caplen);
d-bd_slen = curlen + totlen;
/*
CVS commit: [netbsd-6] src/sys/net
Module Name:src Committed By: msaitoh Date: Wed Sep 11 03:54:35 UTC 2013 Modified Files: src/sys/net [netbsd-6]: bpf.c Log Message: Pull up following revision(s) (requested by spz in ticket #941): sys/net/bpf.c: revision 1.176 PR/48198: Peter Bex: Avoid kernel panic caused by setting a very small bpf buffer size. To generate a diff of this commit: cvs rdiff -u -r1.168 -r1.168.2.1 src/sys/net/bpf.c Please note that diffs are not public domain; they are subject to the copyright notices on the relevant files.
CVS commit: [netbsd-6] src/sys/net
Module Name:src
Committed By: msaitoh
Date: Tue Jul 30 03:05:39 UTC 2013
Modified Files:
src/sys/net [netbsd-6]: if_mpls.c
Log Message:
Pull up following revision(s) (requested by kefren in ticket #921):
sys/net/if_mpls.c: revision 1.9
stop abusing kmem during softint context to prevent panic
To generate a diff of this commit:
cvs rdiff -u -r1.8 -r1.8.8.1 src/sys/net/if_mpls.c
Please note that diffs are not public domain; they are subject to the
copyright notices on the relevant files.
Modified files:
Index: src/sys/net/if_mpls.c
diff -u src/sys/net/if_mpls.c:1.8 src/sys/net/if_mpls.c:1.8.8.1
--- src/sys/net/if_mpls.c:1.8 Sun Jul 3 18:46:12 2011
+++ src/sys/net/if_mpls.c Tue Jul 30 03:05:39 2013
@@ -1,4 +1,4 @@
-/* $NetBSD: if_mpls.c,v 1.8 2011/07/03 18:46:12 kefren Exp $ */
+/* $NetBSD: if_mpls.c,v 1.8.8.1 2013/07/30 03:05:39 msaitoh Exp $ */
/*
* Copyright (c) 2010 The NetBSD Foundation, Inc.
@@ -30,7 +30,7 @@
*/
#include sys/cdefs.h
-__KERNEL_RCSID(0, $NetBSD: if_mpls.c,v 1.8 2011/07/03 18:46:12 kefren Exp $);
+__KERNEL_RCSID(0, $NetBSD: if_mpls.c,v 1.8.8.1 2013/07/30 03:05:39 msaitoh Exp $);
#include opt_inet.h
#include opt_mpls.h
@@ -38,7 +38,6 @@ __KERNEL_RCSID(0, $NetBSD: if_mpls.c,v
#include sys/param.h
#include sys/errno.h
-#include sys/kmem.h
#include sys/malloc.h
#include sys/mbuf.h
#include sys/sysctl.h
@@ -518,25 +517,21 @@ mpls_unlabel_inet(struct mbuf *m)
static struct mbuf *
mpls_label_inet(struct mbuf *m, union mpls_shim *ms, uint offset)
{
- struct ip *iphdr;
+ struct ip iphdr;
if (mpls_mapttl_inet || mpls_mapprec_inet) {
if ((m-m_len sizeof(struct ip))
(m = m_pullup(m, offset + sizeof(struct ip))) == 0)
return NULL; /* XXX */
- iphdr = kmem_alloc(sizeof(struct ip), KM_NOSLEEP);
- if (iphdr == NULL)
- return NULL;
- m_copydata(m, offset, sizeof(struct ip), iphdr);
+ m_copydata(m, offset, sizeof(struct ip), iphdr);
/* Map TTL */
if (mpls_mapttl_inet)
- ms-shim.ttl = iphdr-ip_ttl;
+ ms-shim.ttl = iphdr.ip_ttl;
/* Copy IP precedence to EXP */
if (mpls_mapprec_inet)
- ms-shim.exp = ((u_int8_t)iphdr-ip_tos) 5;
- kmem_free (iphdr, sizeof(struct ip));
+ ms-shim.exp = ((u_int8_t)iphdr.ip_tos) 5;
}
if ((m = mpls_prepend_shim(m, ms)) == NULL)
@@ -592,23 +587,19 @@ mpls_unlabel_inet6(struct mbuf *m)
static struct mbuf *
mpls_label_inet6(struct mbuf *m, union mpls_shim *ms, uint offset)
{
- struct ip6_hdr *ip6h;
+ struct ip6_hdr ip6h;
if (mpls_mapttl_inet6 || mpls_mapclass_inet6) {
if (m-m_len sizeof(struct ip6_hdr)
(m = m_pullup(m, offset + sizeof(struct ip6_hdr))) == 0)
return NULL;
- ip6h = kmem_alloc(sizeof(struct ip6_hdr), KM_NOSLEEP);
- if (ip6h == NULL)
- return NULL;
- m_copydata(m, offset, sizeof(struct ip6_hdr), ip6h);
+ m_copydata(m, offset, sizeof(struct ip6_hdr), ip6h);
if (mpls_mapttl_inet6)
- ms-shim.ttl = ip6h-ip6_hlim;
+ ms-shim.ttl = ip6h.ip6_hlim;
if (mpls_mapclass_inet6)
- ms-shim.exp = ip6h-ip6_vfc 1 5;
- kmem_free(ip6h, sizeof(struct ip6_hdr));
+ ms-shim.exp = ip6h.ip6_vfc 1 5;
}
if ((m = mpls_prepend_shim(m, ms)) == NULL)
CVS commit: [netbsd-6] src/sys/net
Module Name:src Committed By: msaitoh Date: Tue Jul 30 03:05:39 UTC 2013 Modified Files: src/sys/net [netbsd-6]: if_mpls.c Log Message: Pull up following revision(s) (requested by kefren in ticket #921): sys/net/if_mpls.c: revision 1.9 stop abusing kmem during softint context to prevent panic To generate a diff of this commit: cvs rdiff -u -r1.8 -r1.8.8.1 src/sys/net/if_mpls.c Please note that diffs are not public domain; they are subject to the copyright notices on the relevant files.
CVS commit: [netbsd-6] src/sys/net
Module Name:src
Committed By: msaitoh
Date: Mon Jul 29 05:43:13 UTC 2013
Modified Files:
src/sys/net [netbsd-6]: route.c
Log Message:
Pull up following revision(s) (requested by christos in ticket #909):
sys/net/route.c: revision 1.127
PR/44032: Proxy entries stopped working with pppd. The issue here is that
the route entry was added, but the RTF_LLINFO bit was not set, making arp -a
not showing the entry, but netstat -rn -f inet showing it with the missing
L bit. The order of resolution in ifa_ifwithroute() is that if a destination
address is found, then the interface chosen for the route is that of the
destination. This does not work for link-level addresses since the ppp
interface does not arp (uses link_rtrequest, not arp_rtrequest), so the
bit is never set. The easy solution here is to check that the gateway is
a link address, and use the interface which we chose for the link address
as opposed to the interface that routes to the destination. This restores
the previous behavior, but is it correct?
To generate a diff of this commit:
cvs rdiff -u -r1.126 -r1.126.2.1 src/sys/net/route.c
Please note that diffs are not public domain; they are subject to the
copyright notices on the relevant files.
Modified files:
Index: src/sys/net/route.c
diff -u src/sys/net/route.c:1.126 src/sys/net/route.c:1.126.2.1
--- src/sys/net/route.c:1.126 Mon Jan 30 20:01:08 2012
+++ src/sys/net/route.c Mon Jul 29 05:43:13 2013
@@ -1,4 +1,4 @@
-/* $NetBSD: route.c,v 1.126 2012/01/30 20:01:08 christos Exp $ */
+/* $NetBSD: route.c,v 1.126.2.1 2013/07/29 05:43:13 msaitoh Exp $ */
/*-
* Copyright (c) 1998, 2008 The NetBSD Foundation, Inc.
@@ -93,7 +93,7 @@
#include opt_route.h
#include sys/cdefs.h
-__KERNEL_RCSID(0, $NetBSD: route.c,v 1.126 2012/01/30 20:01:08 christos Exp $);
+__KERNEL_RCSID(0, $NetBSD: route.c,v 1.126.2.1 2013/07/29 05:43:13 msaitoh Exp $);
#include sys/param.h
#include sys/kmem.h
@@ -594,7 +594,7 @@ ifa_ifwithroute(int flags, const struct
* we can use the local address.
*/
ifa = NULL;
- if (flags RTF_HOST)
+ if ((flags RTF_HOST) gateway-sa_family != AF_LINK)
ifa = ifa_ifwithdstaddr(dst);
if (ifa == NULL)
ifa = ifa_ifwithaddr(gateway);
@@ -619,7 +619,7 @@ ifa_ifwithroute(int flags, const struct
if (ifa-ifa_addr-sa_family != dst-sa_family) {
struct ifaddr *oifa = ifa;
ifa = ifaof_ifpforaddr(dst, ifa-ifa_ifp);
- if (ifa == 0)
+ if (ifa == NULL)
ifa = oifa;
}
return ifa;
CVS commit: [netbsd-6] src/sys/net
Module Name:src Committed By: msaitoh Date: Mon Jul 29 05:43:13 UTC 2013 Modified Files: src/sys/net [netbsd-6]: route.c Log Message: Pull up following revision(s) (requested by christos in ticket #909): sys/net/route.c: revision 1.127 PR/44032: Proxy entries stopped working with pppd. The issue here is that the route entry was added, but the RTF_LLINFO bit was not set, making arp -a not showing the entry, but netstat -rn -f inet showing it with the missing L bit. The order of resolution in ifa_ifwithroute() is that if a destination address is found, then the interface chosen for the route is that of the destination. This does not work for link-level addresses since the ppp interface does not arp (uses link_rtrequest, not arp_rtrequest), so the bit is never set. The easy solution here is to check that the gateway is a link address, and use the interface which we chose for the link address as opposed to the interface that routes to the destination. This restores the previous behavior, but is it correct? To generate a diff of this commit: cvs rdiff -u -r1.126 -r1.126.2.1 src/sys/net/route.c Please note that diffs are not public domain; they are subject to the copyright notices on the relevant files.
CVS commit: [netbsd-6] src/sys/net
Module Name:src Committed By: riz Date: Fri Feb 8 20:42:51 UTC 2013 Modified Files: src/sys/net [netbsd-6]: if_gif.c Log Message: Pull up following revision(s) (requested by degroote in ticket #792): sys/net/if_gif.c: revision 1.81 PR kern/47419: Antony Mallet: ifconfig doesn't diplay MTU on gif(4) There is no special treatment for SIOCGITMTU in gif(4), so just pass it to ifioctl_common(). To generate a diff of this commit: cvs rdiff -u -r1.80 -r1.80.8.1 src/sys/net/if_gif.c Please note that diffs are not public domain; they are subject to the copyright notices on the relevant files. Modified files: Index: src/sys/net/if_gif.c diff -u src/sys/net/if_gif.c:1.80 src/sys/net/if_gif.c:1.80.8.1 --- src/sys/net/if_gif.c:1.80 Fri Oct 28 16:42:52 2011 +++ src/sys/net/if_gif.c Fri Feb 8 20:42:51 2013 @@ -1,4 +1,4 @@ -/* $NetBSD: if_gif.c,v 1.80 2011/10/28 16:42:52 dyoung Exp $ */ +/* $NetBSD: if_gif.c,v 1.80.8.1 2013/02/08 20:42:51 riz Exp $ */ /* $KAME: if_gif.c,v 1.76 2001/08/20 02:01:02 kjc Exp $ */ /* @@ -31,7 +31,7 @@ */ #include sys/cdefs.h -__KERNEL_RCSID(0, $NetBSD: if_gif.c,v 1.80 2011/10/28 16:42:52 dyoung Exp $); +__KERNEL_RCSID(0, $NetBSD: if_gif.c,v 1.80.8.1 2013/02/08 20:42:51 riz Exp $); #include opt_inet.h #include opt_iso.h @@ -496,9 +496,6 @@ gif_ioctl(struct ifnet *ifp, u_long cmd, } break; - case SIOCGIFMTU: - break; - case SIOCSIFMTU: if (ifr-ifr_mtu GIF_MTU_MIN || ifr-ifr_mtu GIF_MTU_MAX) return EINVAL;
CVS commit: [netbsd-6] src/sys/net
Module Name:src Committed By: riz Date: Fri Feb 8 20:42:51 UTC 2013 Modified Files: src/sys/net [netbsd-6]: if_gif.c Log Message: Pull up following revision(s) (requested by degroote in ticket #792): sys/net/if_gif.c: revision 1.81 PR kern/47419: Antony Mallet: ifconfig doesn't diplay MTU on gif(4) There is no special treatment for SIOCGITMTU in gif(4), so just pass it to ifioctl_common(). To generate a diff of this commit: cvs rdiff -u -r1.80 -r1.80.8.1 src/sys/net/if_gif.c Please note that diffs are not public domain; they are subject to the copyright notices on the relevant files.
CVS commit: [netbsd-6] src/sys/net/npf
Module Name:src
Committed By: riz
Date: Sun Dec 16 18:19:53 UTC 2012
Modified Files:
src/sys/net/npf [netbsd-6]: npf.h npf_inet.c npf_mbuf.c
Log Message:
Pull up following revision(s) (requested by rmind in ticket #746):
sys/net/npf/npf_inet.c: revision 1.18
sys/net/npf/npf_mbuf.c: revision 1.8
sys/net/npf/npf.h: revision 1.23
npf_rwrcksum: handle delayed checksums in the network stack; also fix
non-NPF_NAT_PORTS case and add some comments. PR/47235.
To generate a diff of this commit:
cvs rdiff -u -r1.14.2.8 -r1.14.2.9 src/sys/net/npf/npf.h
cvs rdiff -u -r1.10.4.6 -r1.10.4.7 src/sys/net/npf/npf_inet.c
cvs rdiff -u -r1.6.14.1 -r1.6.14.2 src/sys/net/npf/npf_mbuf.c
Please note that diffs are not public domain; they are subject to the
copyright notices on the relevant files.
Modified files:
Index: src/sys/net/npf/npf.h
diff -u src/sys/net/npf/npf.h:1.14.2.8 src/sys/net/npf/npf.h:1.14.2.9
--- src/sys/net/npf/npf.h:1.14.2.8 Sat Nov 24 04:34:42 2012
+++ src/sys/net/npf/npf.h Sun Dec 16 18:19:52 2012
@@ -1,4 +1,4 @@
-/* $NetBSD: npf.h,v 1.14.2.8 2012/11/24 04:34:42 riz Exp $ */
+/* $NetBSD: npf.h,v 1.14.2.9 2012/12/16 18:19:52 riz Exp $ */
/*-
* Copyright (c) 2009-2012 The NetBSD Foundation, Inc.
@@ -146,6 +146,7 @@ int nbuf_advstore(nbuf_t **, void **, u
int nbuf_fetch_datum(nbuf_t *, void *, size_t, void *);
int nbuf_store_datum(nbuf_t *, void *, size_t, void *);
+void nbuf_cksum_barrier(nbuf_t *);
int nbuf_add_tag(nbuf_t *, uint32_t, uint32_t);
int nbuf_find_tag(nbuf_t *, uint32_t, void **);
Index: src/sys/net/npf/npf_inet.c
diff -u src/sys/net/npf/npf_inet.c:1.10.4.6 src/sys/net/npf/npf_inet.c:1.10.4.7
--- src/sys/net/npf/npf_inet.c:1.10.4.6 Sun Nov 18 22:38:25 2012
+++ src/sys/net/npf/npf_inet.c Sun Dec 16 18:19:52 2012
@@ -1,4 +1,4 @@
-/* $NetBSD: npf_inet.c,v 1.10.4.6 2012/11/18 22:38:25 riz Exp $ */
+/* $NetBSD: npf_inet.c,v 1.10.4.7 2012/12/16 18:19:52 riz Exp $ */
/*-
* Copyright (c) 2009-2012 The NetBSD Foundation, Inc.
@@ -39,7 +39,7 @@
*/
#include sys/cdefs.h
-__KERNEL_RCSID(0, $NetBSD: npf_inet.c,v 1.10.4.6 2012/11/18 22:38:25 riz Exp $);
+__KERNEL_RCSID(0, $NetBSD: npf_inet.c,v 1.10.4.7 2012/12/16 18:19:52 riz Exp $);
#include sys/param.h
#include sys/types.h
@@ -597,65 +597,80 @@ npf_rwrcksum(npf_cache_t *npc, nbuf_t *n
{
const int proto = npf_cache_ipproto(npc);
npf_addr_t *oaddr;
- in_port_t *oport;
- uint16_t *cksum;
+ uint16_t *ocksum;
+ in_port_t oport;
u_int offby;
- /* Checksum update for IPv4 header. */
+ /* XXX: NetBSD - process delayed checksums. */
+ if (di == PFIL_OUT proto != IPPROTO_ICMP) {
+ nbuf_cksum_barrier(nbuf);
+ npc-npc_info = ~(NPC_LAYER4 | NPC_TCP | NPC_UDP);
+ if (!npf_cache_all(npc, nbuf)) {
+ return false;
+ }
+ }
+
+ oaddr = (di == PFIL_OUT) ? npc-npc_srcip : npc-npc_dstip;
+
if (npf_iscached(npc, NPC_IP4)) {
struct ip *ip = npc-npc_ip.v4;
uint16_t ipsum;
- oaddr = (di == PFIL_OUT) ? npc-npc_srcip : npc-npc_dstip;
+ /* Recalculate IPv4 checksum, advance to it and rewrite. */
ipsum = npf_addr_cksum(ip-ip_sum, npc-npc_alen, oaddr, addr);
-
- /* Advance to the IPv4 checksum and rewrite it. */
offby = offsetof(struct ip, ip_sum);
if (nbuf_advstore(nbuf, n_ptr, offby, sizeof(ipsum), ipsum))
return false;
-
ip-ip_sum = ipsum;
- offby = npf_cache_hlen(npc) - offby;
} else {
/* No checksum for IPv6. */
KASSERT(npf_iscached(npc, NPC_IP6));
- oaddr = NULL;
offby = 0;
- return false; /* XXX: Not yet supported. */
}
- /* Determine whether TCP/UDP checksum update is needed. */
- if (proto == IPPROTO_ICMP || port == 0) {
+ /* Nothing else to do for ICMP. */
+ if (proto == IPPROTO_ICMP) {
return true;
}
KASSERT(npf_iscached(npc, NPC_TCP) || npf_iscached(npc, NPC_UDP));
+ offby = npf_cache_hlen(npc) - offby;
- /* Calculate TCP/UDP checksum. */
+ /*
+ * Calculate TCP/UDP checksum:
+ * - Skip if UDP and the current checksum is zero.
+ * - Fixup the IP address change.
+ * - Fixup the port change, if required (non-zero).
+ */
if (proto == IPPROTO_TCP) {
struct tcphdr *th = npc-npc_l4.tcp;
- cksum = th-th_sum;
+ ocksum = th-th_sum;
offby += offsetof(struct tcphdr, th_sum);
- oport = (di == PFIL_OUT) ? th-th_sport : th-th_dport;
+ oport = (di == PFIL_OUT) ? th-th_sport : th-th_dport;
} else {
struct udphdr *uh = npc-npc_l4.udp;
KASSERT(proto == IPPROTO_UDP);
- cksum = uh-uh_sum;
- if (*cksum == 0) {
+ ocksum = uh-uh_sum;
+ if (*ocksum == 0) {
/* No need to update. */
return true;
}
offby += offsetof(struct udphdr, uh_sum);
- oport = (di == PFIL_OUT) ? uh-uh_sport : uh-uh_dport;
+ oport = (di == PFIL_OUT) ? uh-uh_sport : uh-uh_dport;
+ }
+
+ uint16_t cksum = *ocksum;
+ cksum = npf_addr_cksum(cksum, npc-npc_alen, oaddr, addr);
+ if (port) {
+ cksum = npf_fixup16_cksum(cksum, oport, port);
}
- *cksum = npf_addr_cksum(*cksum, npc-npc_alen, oaddr, addr);
- *cksum =
CVS commit: [netbsd-6] src/sys/net/npf
Module Name:src Committed By: riz Date: Sun Dec 16 18:19:53 UTC 2012 Modified Files: src/sys/net/npf [netbsd-6]: npf.h npf_inet.c npf_mbuf.c Log Message: Pull up following revision(s) (requested by rmind in ticket #746): sys/net/npf/npf_inet.c: revision 1.18 sys/net/npf/npf_mbuf.c: revision 1.8 sys/net/npf/npf.h: revision 1.23 npf_rwrcksum: handle delayed checksums in the network stack; also fix non-NPF_NAT_PORTS case and add some comments. PR/47235. To generate a diff of this commit: cvs rdiff -u -r1.14.2.8 -r1.14.2.9 src/sys/net/npf/npf.h cvs rdiff -u -r1.10.4.6 -r1.10.4.7 src/sys/net/npf/npf_inet.c cvs rdiff -u -r1.6.14.1 -r1.6.14.2 src/sys/net/npf/npf_mbuf.c Please note that diffs are not public domain; they are subject to the copyright notices on the relevant files.
CVS commit: [netbsd-6] src/sys/net/npf
Module Name:src
Committed By: msaitoh
Date: Mon Nov 19 09:44:43 UTC 2012
Modified Files:
src/sys/net/npf [netbsd-6]: npf.c
Log Message:
Fix a bug that the patch is incorrectly applied with last commit.
To generate a diff of this commit:
cvs rdiff -u -r1.7.2.4 -r1.7.2.5 src/sys/net/npf/npf.c
Please note that diffs are not public domain; they are subject to the
copyright notices on the relevant files.
Modified files:
Index: src/sys/net/npf/npf.c
diff -u src/sys/net/npf/npf.c:1.7.2.4 src/sys/net/npf/npf.c:1.7.2.5
--- src/sys/net/npf/npf.c:1.7.2.4 Sun Nov 18 22:38:26 2012
+++ src/sys/net/npf/npf.c Mon Nov 19 09:44:42 2012
@@ -1,4 +1,4 @@
-/* $NetBSD: npf.c,v 1.7.2.4 2012/11/18 22:38:26 riz Exp $ */
+/* $NetBSD: npf.c,v 1.7.2.5 2012/11/19 09:44:42 msaitoh Exp $ */
/*-
* Copyright (c) 2009-2012 The NetBSD Foundation, Inc.
@@ -34,7 +34,7 @@
*/
#include sys/cdefs.h
-__KERNEL_RCSID(0, $NetBSD: npf.c,v 1.7.2.4 2012/11/18 22:38:26 riz Exp $);
+__KERNEL_RCSID(0, $NetBSD: npf.c,v 1.7.2.5 2012/11/19 09:44:42 msaitoh Exp $);
#include sys/param.h
#include sys/types.h
@@ -368,14 +368,14 @@ npf_default_pass(void)
return npf_core-n_default_pass;
}
-/*
- * NPF statistics interface.
bool
npf_autounload_p(void)
{
return !npf_pfil_registered_p() npf_default_pass();
}
+/*
+ * NPF statistics interface.
*/
void
CVS commit: [netbsd-6] src/sys/net
Module Name:src Committed By: riz Date: Mon Nov 19 20:04:22 UTC 2012 Modified Files: src/sys/net [netbsd-6]: if.c Log Message: Pull up following revision(s) (requested by msaitoh in ticket #669): sys/net/if.c: revision 1.261 Fix a bug that SIOCZIFDATA clears if_lastchage by zero. Update if_lastchange with getnanotime(). To generate a diff of this commit: cvs rdiff -u -r1.260 -r1.260.2.1 src/sys/net/if.c Please note that diffs are not public domain; they are subject to the copyright notices on the relevant files. Modified files: Index: src/sys/net/if.c diff -u src/sys/net/if.c:1.260 src/sys/net/if.c:1.260.2.1 --- src/sys/net/if.c:1.260 Fri Feb 3 03:35:30 2012 +++ src/sys/net/if.c Mon Nov 19 20:04:22 2012 @@ -1,4 +1,4 @@ -/* $NetBSD: if.c,v 1.260 2012/02/03 03:35:30 christos Exp $ */ +/* $NetBSD: if.c,v 1.260.2.1 2012/11/19 20:04:22 riz Exp $ */ /*- * Copyright (c) 1999, 2000, 2001, 2008 The NetBSD Foundation, Inc. @@ -90,7 +90,7 @@ */ #include sys/cdefs.h -__KERNEL_RCSID(0, $NetBSD: if.c,v 1.260 2012/02/03 03:35:30 christos Exp $); +__KERNEL_RCSID(0, $NetBSD: if.c,v 1.260.2.1 2012/11/19 20:04:22 riz Exp $); #include opt_inet.h @@ -1614,6 +1614,14 @@ ifioctl_common(struct ifnet *ifp, u_long */ memset(ifp-if_data.ifi_ipackets, 0, sizeof(ifp-if_data) - offsetof(struct if_data, ifi_ipackets)); + /* + * The memset() clears to the bottm of if_data. In the area, + * if_lastchange is included. Please be careful if new entry + * will be added into if_data or rewite this. + * + * And also, update if_lastchnage. + */ + getnanotime(ifp-if_lastchange); break; case SIOCSIFMTU: ifr = data;
CVS commit: [netbsd-6] src/sys/net/npf
Module Name:src Committed By: msaitoh Date: Mon Nov 19 09:44:43 UTC 2012 Modified Files: src/sys/net/npf [netbsd-6]: npf.c Log Message: Fix a bug that the patch is incorrectly applied with last commit. To generate a diff of this commit: cvs rdiff -u -r1.7.2.4 -r1.7.2.5 src/sys/net/npf/npf.c Please note that diffs are not public domain; they are subject to the copyright notices on the relevant files.
CVS commit: [netbsd-6] src/sys/net
Module Name:src Committed By: riz Date: Mon Nov 19 20:04:22 UTC 2012 Modified Files: src/sys/net [netbsd-6]: if.c Log Message: Pull up following revision(s) (requested by msaitoh in ticket #669): sys/net/if.c: revision 1.261 Fix a bug that SIOCZIFDATA clears if_lastchage by zero. Update if_lastchange with getnanotime(). To generate a diff of this commit: cvs rdiff -u -r1.260 -r1.260.2.1 src/sys/net/if.c Please note that diffs are not public domain; they are subject to the copyright notices on the relevant files.
CVS commit: [netbsd-6] src/sys/net/npf
Module Name:src
Committed By: riz
Date: Tue Oct 9 23:49:03 UTC 2012
Modified Files:
src/sys/net/npf [netbsd-6]: npf_handler.c
Log Message:
Pull up following revision(s) (requested by rmind in ticket #594):
sys/net/npf/npf_handler.c: revision 1.23
npf_packet_handler: drop the packet if IPv6 reassembly did not work.
To generate a diff of this commit:
cvs rdiff -u -r1.13.2.5 -r1.13.2.6 src/sys/net/npf/npf_handler.c
Please note that diffs are not public domain; they are subject to the
copyright notices on the relevant files.
Modified files:
Index: src/sys/net/npf/npf_handler.c
diff -u src/sys/net/npf/npf_handler.c:1.13.2.5 src/sys/net/npf/npf_handler.c:1.13.2.6
--- src/sys/net/npf/npf_handler.c:1.13.2.5 Mon Aug 13 17:49:52 2012
+++ src/sys/net/npf/npf_handler.c Tue Oct 9 23:49:03 2012
@@ -1,4 +1,4 @@
-/* $NetBSD: npf_handler.c,v 1.13.2.5 2012/08/13 17:49:52 riz Exp $ */
+/* $NetBSD: npf_handler.c,v 1.13.2.6 2012/10/09 23:49:03 riz Exp $ */
/*-
* Copyright (c) 2009-2012 The NetBSD Foundation, Inc.
@@ -34,7 +34,7 @@
*/
#include sys/cdefs.h
-__KERNEL_RCSID(0, $NetBSD: npf_handler.c,v 1.13.2.5 2012/08/13 17:49:52 riz Exp $);
+__KERNEL_RCSID(0, $NetBSD: npf_handler.c,v 1.13.2.6 2012/10/09 23:49:03 riz Exp $);
#include sys/types.h
#include sys/param.h
@@ -136,8 +136,10 @@ npf_packet_handler(void *arg, struct mbu
nbuf = (nbuf_t *)*mp;
npc.npc_info = 0;
- int ret __unused = npf_cache_all(npc, nbuf);
- KASSERT((ret NPC_IPFRAG) == 0);
+ if (npf_cache_all(npc, nbuf) NPC_IPFRAG) {
+ se = NULL;
+ goto out;
+ }
npf_stats_inc(NPF_STAT_REASSEMBLY);
}
CVS commit: [netbsd-6] src/sys/net/npf
Module Name:src Committed By: riz Date: Tue Oct 9 23:49:03 UTC 2012 Modified Files: src/sys/net/npf [netbsd-6]: npf_handler.c Log Message: Pull up following revision(s) (requested by rmind in ticket #594): sys/net/npf/npf_handler.c: revision 1.23 npf_packet_handler: drop the packet if IPv6 reassembly did not work. To generate a diff of this commit: cvs rdiff -u -r1.13.2.5 -r1.13.2.6 src/sys/net/npf/npf_handler.c Please note that diffs are not public domain; they are subject to the copyright notices on the relevant files.
CVS commit: [netbsd-6] src/sys/net/npf
Module Name:src
Committed By: riz
Date: Thu Sep 13 22:33:05 UTC 2012
Modified Files:
src/sys/net/npf [netbsd-6]: npf_alg_icmp.c
Log Message:
Pull up following revision(s) (requested by rmind in ticket #555):
sys/net/npf/npf_alg_icmp.c: revision 1.12
npf_icmp_uniqid: inspect the correct npc_info for IPv4/v6.
To generate a diff of this commit:
cvs rdiff -u -r1.8.4.3 -r1.8.4.4 src/sys/net/npf/npf_alg_icmp.c
Please note that diffs are not public domain; they are subject to the
copyright notices on the relevant files.
Modified files:
Index: src/sys/net/npf/npf_alg_icmp.c
diff -u src/sys/net/npf/npf_alg_icmp.c:1.8.4.3 src/sys/net/npf/npf_alg_icmp.c:1.8.4.4
--- src/sys/net/npf/npf_alg_icmp.c:1.8.4.3 Wed Jul 25 20:45:23 2012
+++ src/sys/net/npf/npf_alg_icmp.c Thu Sep 13 22:33:05 2012
@@ -1,4 +1,4 @@
-/* $NetBSD: npf_alg_icmp.c,v 1.8.4.3 2012/07/25 20:45:23 jdc Exp $ */
+/* $NetBSD: npf_alg_icmp.c,v 1.8.4.4 2012/09/13 22:33:05 riz Exp $ */
/*-
* Copyright (c) 2010 The NetBSD Foundation, Inc.
@@ -34,7 +34,7 @@
*/
#include sys/cdefs.h
-__KERNEL_RCSID(0, $NetBSD: npf_alg_icmp.c,v 1.8.4.3 2012/07/25 20:45:23 jdc Exp $);
+__KERNEL_RCSID(0, $NetBSD: npf_alg_icmp.c,v 1.8.4.4 2012/09/13 22:33:05 riz Exp $);
#include sys/param.h
#include sys/module.h
@@ -155,13 +155,14 @@ npfa_icmp_match(npf_cache_t *npc, nbuf_t
* or TCP/UDP ports of the original packet, which is embedded.
*/
static bool
-npf_icmp_uniqid(const int type, npf_cache_t *npc, nbuf_t *nbuf, void *n_ptr)
+npf_icmp_uniqid(const int npcinf, const int type,
+npf_cache_t *npc, nbuf_t *nbuf, void *n_ptr)
{
struct icmp *ic;
struct icmp6_hdr *ic6;
u_intoffby;
- if (npf_iscached(npc, NPC_IP4)) {
+ if (npcinf NPC_IP4) {
/* Per RFC 792. */
switch (type) {
case ICMP_UNREACH:
@@ -209,7 +210,7 @@ npf_icmp_uniqid(const int type, npf_cach
/* No unique IDs. */
return false;
}
- if (npf_iscached(npc, NPC_IP6)) {
+ if (npcinf NPC_IP6) {
switch (type) {
/* Per RFC 4443. */
case ICMP6_DST_UNREACH:
@@ -307,7 +308,8 @@ npfa_icmp_session(npf_cache_t *npc, nbuf
/* Fetch relevant data into the separate (key) cache. */
struct icmp *ic = npc-npc_l4.icmp;
- if (!npf_icmp_uniqid(ic-icmp_type, key, nbuf, n_ptr)) {
+ if (!npf_icmp_uniqid(npc-npc_info NPC_IP46, ic-icmp_type,
+ key, nbuf, n_ptr)) {
return false;
}
CVS commit: [netbsd-6] src/sys/net/npf
Module Name:src Committed By: riz Date: Thu Sep 13 22:33:05 UTC 2012 Modified Files: src/sys/net/npf [netbsd-6]: npf_alg_icmp.c Log Message: Pull up following revision(s) (requested by rmind in ticket #555): sys/net/npf/npf_alg_icmp.c: revision 1.12 npf_icmp_uniqid: inspect the correct npc_info for IPv4/v6. To generate a diff of this commit: cvs rdiff -u -r1.8.4.3 -r1.8.4.4 src/sys/net/npf/npf_alg_icmp.c Please note that diffs are not public domain; they are subject to the copyright notices on the relevant files.
CVS commit: [netbsd-6] src/sys/net
Module Name:src Committed By: riz Date: Mon Aug 20 19:23:07 UTC 2012 Modified Files: src/sys/net [netbsd-6]: if_ethersubr.c Log Message: Pull up following revision(s) (requested by christos in ticket #517): sys/net/if_ethersubr.c: revision 1.190 PR/46587: Roger Pau Monne: Prevent panic on shutdown on bridge teardown - ifpromisc- if_ioctl - if_init. Idea from dyoung. XXX: Pullup to 6. To generate a diff of this commit: cvs rdiff -u -r1.188.8.1 -r1.188.8.2 src/sys/net/if_ethersubr.c Please note that diffs are not public domain; they are subject to the copyright notices on the relevant files. Modified files: Index: src/sys/net/if_ethersubr.c diff -u src/sys/net/if_ethersubr.c:1.188.8.1 src/sys/net/if_ethersubr.c:1.188.8.2 --- src/sys/net/if_ethersubr.c:1.188.8.1 Fri May 18 17:04:28 2012 +++ src/sys/net/if_ethersubr.c Mon Aug 20 19:23:07 2012 @@ -1,4 +1,4 @@ -/* $NetBSD: if_ethersubr.c,v 1.188.8.1 2012/05/18 17:04:28 riz Exp $ */ +/* $NetBSD: if_ethersubr.c,v 1.188.8.2 2012/08/20 19:23:07 riz Exp $ */ /* * Copyright (C) 1995, 1996, 1997, and 1998 WIDE Project. @@ -61,7 +61,7 @@ */ #include sys/cdefs.h -__KERNEL_RCSID(0, $NetBSD: if_ethersubr.c,v 1.188.8.1 2012/05/18 17:04:28 riz Exp $); +__KERNEL_RCSID(0, $NetBSD: if_ethersubr.c,v 1.188.8.2 2012/08/20 19:23:07 riz Exp $); #include opt_inet.h #include opt_atalk.h @@ -1144,6 +1144,15 @@ ether_ifdetach(struct ifnet *ifp) struct ether_multi *enm; int s; + /* + * Prevent further calls to ioctl (for example turning off + * promiscuous mode from the bridge code), which eventually can + * call if_init() which can cause panics because the interface + * is in the process of being detached. Return device not configured + * instead. + */ + ifp-if_ioctl = (int (*)(struct ifnet *, u_long, void *))enxio; + #if NBRIDGE 0 if (ifp-if_bridge) bridge_ifdetach(ifp);
CVS commit: [netbsd-6] src/sys/net
Module Name:src Committed By: riz Date: Mon Aug 20 19:23:07 UTC 2012 Modified Files: src/sys/net [netbsd-6]: if_ethersubr.c Log Message: Pull up following revision(s) (requested by christos in ticket #517): sys/net/if_ethersubr.c: revision 1.190 PR/46587: Roger Pau Monne: Prevent panic on shutdown on bridge teardown - ifpromisc- if_ioctl - if_init. Idea from dyoung. XXX: Pullup to 6. To generate a diff of this commit: cvs rdiff -u -r1.188.8.1 -r1.188.8.2 src/sys/net/if_ethersubr.c Please note that diffs are not public domain; they are subject to the copyright notices on the relevant files.
CVS commit: [netbsd-6] src/sys/net
Module Name:src Committed By: martin Date: Wed Aug 8 15:35:15 UTC 2012 Modified Files: src/sys/net [netbsd-6]: if_types.h Log Message: Pull up following revision(s) (requested by wiz in ticket #464): sys/net/if_types.h: revision 1.26 Avoid ambiguity by having only one comment close mark. PR 46771 by bsiegert. To generate a diff of this commit: cvs rdiff -u -r1.25 -r1.25.104.1 src/sys/net/if_types.h Please note that diffs are not public domain; they are subject to the copyright notices on the relevant files. Modified files: Index: src/sys/net/if_types.h diff -u src/sys/net/if_types.h:1.25 src/sys/net/if_types.h:1.25.104.1 --- src/sys/net/if_types.h:1.25 Thu May 18 09:05:51 2006 +++ src/sys/net/if_types.h Wed Aug 8 15:35:14 2012 @@ -1,4 +1,4 @@ -/* $NetBSD: if_types.h,v 1.25 2006/05/18 09:05:51 liamjfoy Exp $ */ +/* $NetBSD: if_types.h,v 1.25.104.1 2012/08/08 15:35:14 martin Exp $ */ /* * Copyright (c) 1989, 1993, 1994 @@ -249,7 +249,7 @@ #define IFT_DOCSCABLEUPSTREAMCHANNEL 0xcd /* CATV Upstream Channel */ #define IFT_ECONET 0xce /* Acorn Econet */ #define IFT_PON155 0xcf /* FSAN 155Mb Symetrical PON interface */ -#define IFT_PON622 0xd0 /* FSAN 622Mb Symetrical PON interface */*/ +#define IFT_PON622 0xd0 /* FSAN 622Mb Symetrical PON interface */ #define IFT_BRIDGE 0xd1 /* Transparent bridge interface */ #define IFT_LINEGROUP 0xd2 /* Interface common to multiple lines */ #define IFT_VOICEEMFGD 0xd3 /* voice EM Feature Group D */
CVS commit: [netbsd-6] src/sys/net
Module Name:src Committed By: martin Date: Wed Aug 8 15:35:15 UTC 2012 Modified Files: src/sys/net [netbsd-6]: if_types.h Log Message: Pull up following revision(s) (requested by wiz in ticket #464): sys/net/if_types.h: revision 1.26 Avoid ambiguity by having only one comment close mark. PR 46771 by bsiegert. To generate a diff of this commit: cvs rdiff -u -r1.25 -r1.25.104.1 src/sys/net/if_types.h Please note that diffs are not public domain; they are subject to the copyright notices on the relevant files.
CVS commit: [netbsd-6] src/sys/net
Module Name:src
Committed By: riz
Date: Tue Jun 12 18:25:10 UTC 2012
Modified Files:
src/sys/net [netbsd-6]: bpf.h
Log Message:
Pull up following revision(s) (requested by abs in ticket #312):
sys/net/bpf.h: revision 1.59
add {__BEGIN,__END}_DECLS
To generate a diff of this commit:
cvs rdiff -u -r1.58 -r1.58.8.1 src/sys/net/bpf.h
Please note that diffs are not public domain; they are subject to the
copyright notices on the relevant files.
Modified files:
Index: src/sys/net/bpf.h
diff -u src/sys/net/bpf.h:1.58 src/sys/net/bpf.h:1.58.8.1
--- src/sys/net/bpf.h:1.58 Tue Aug 30 14:22:22 2011
+++ src/sys/net/bpf.h Tue Jun 12 18:25:10 2012
@@ -1,4 +1,4 @@
-/* $NetBSD: bpf.h,v 1.58 2011/08/30 14:22:22 bouyer Exp $ */
+/* $NetBSD: bpf.h,v 1.58.8.1 2012/06/12 18:25:10 riz Exp $ */
/*
* Copyright (c) 1990, 1991, 1993
@@ -45,6 +45,8 @@
/* BSD style release date */
#define BPF_RELEASE 199606
+__BEGIN_DECLS
+
typedef int bpf_int32;
typedef u_int bpf_u_int32;
@@ -381,6 +383,8 @@ void bpfilterattach(int);
int bpf_validate(const struct bpf_insn *, int);
u_int bpf_filter(const struct bpf_insn *, const u_char *, u_int, u_int);
+__END_DECLS
+
/*
* Number of scratch memory words (for BPF_LD|BPF_MEM and BPF_ST).
*/
CVS commit: [netbsd-6] src/sys/net
Module Name:src
Committed By: riz
Date: Tue Jun 12 18:25:10 UTC 2012
Modified Files:
src/sys/net [netbsd-6]: bpf.h
Log Message:
Pull up following revision(s) (requested by abs in ticket #312):
sys/net/bpf.h: revision 1.59
add {__BEGIN,__END}_DECLS
To generate a diff of this commit:
cvs rdiff -u -r1.58 -r1.58.8.1 src/sys/net/bpf.h
Please note that diffs are not public domain; they are subject to the
copyright notices on the relevant files.
CVS commit: [netbsd-6] src/sys/net
Module Name:src Committed By: riz Date: Fri May 18 17:04:28 UTC 2012 Modified Files: src/sys/net [netbsd-6]: if_ethersubr.c Log Message: Pull up following revision(s) (requested by chs in ticket #258): sys/net/if_ethersubr.c: revision 1.189 in ether_ifdetach(), clear if_mowner before releasing what it points to. fixes PR 42982. To generate a diff of this commit: cvs rdiff -u -r1.188 -r1.188.8.1 src/sys/net/if_ethersubr.c Please note that diffs are not public domain; they are subject to the copyright notices on the relevant files. Modified files: Index: src/sys/net/if_ethersubr.c diff -u src/sys/net/if_ethersubr.c:1.188 src/sys/net/if_ethersubr.c:1.188.8.1 --- src/sys/net/if_ethersubr.c:1.188 Thu Jun 16 19:47:30 2011 +++ src/sys/net/if_ethersubr.c Fri May 18 17:04:28 2012 @@ -1,4 +1,4 @@ -/* $NetBSD: if_ethersubr.c,v 1.188 2011/06/16 19:47:30 kefren Exp $ */ +/* $NetBSD: if_ethersubr.c,v 1.188.8.1 2012/05/18 17:04:28 riz Exp $ */ /* * Copyright (C) 1995, 1996, 1997, and 1998 WIDE Project. @@ -61,7 +61,7 @@ */ #include sys/cdefs.h -__KERNEL_RCSID(0, $NetBSD: if_ethersubr.c,v 1.188 2011/06/16 19:47:30 kefren Exp $); +__KERNEL_RCSID(0, $NetBSD: if_ethersubr.c,v 1.188.8.1 2012/05/18 17:04:28 riz Exp $); #include opt_inet.h #include opt_atalk.h @@ -1168,6 +1168,7 @@ ether_ifdetach(struct ifnet *ifp) if_free_sadl(ifp); #endif + ifp-if_mowner = NULL; MOWNER_DETACH(ec-ec_rx_mowner); MOWNER_DETACH(ec-ec_tx_mowner); }
CVS commit: [netbsd-6] src/sys/net
Module Name:src Committed By: riz Date: Fri May 18 17:04:28 UTC 2012 Modified Files: src/sys/net [netbsd-6]: if_ethersubr.c Log Message: Pull up following revision(s) (requested by chs in ticket #258): sys/net/if_ethersubr.c: revision 1.189 in ether_ifdetach(), clear if_mowner before releasing what it points to. fixes PR 42982. To generate a diff of this commit: cvs rdiff -u -r1.188 -r1.188.8.1 src/sys/net/if_ethersubr.c Please note that diffs are not public domain; they are subject to the copyright notices on the relevant files.
