CVS commit: [netbsd-5] src/sys/dist/ipf/netinet

[Manuel Bouyer]

Module Name:src
Committed By:   bouyer
Date:   Mon Jan 21 20:18:35 UTC 2013

Modified Files:
src/sys/dist/ipf/netinet [netbsd-5]: ip_fil_netbsd.c

Log Message:
Pull up following revision(s) (requested by msaitoh in ticket #1840):
sys/external/bsd/ipf/netinet/ip_fil_netbsd.c: revision 1.4 via patch
Fix off-by-one read error.


To generate a diff of this commit:
cvs rdiff -u -r1.46.8.3 -r1.46.8.4 src/sys/dist/ipf/netinet/ip_fil_netbsd.c

Please note that diffs are not public domain; they are subject to the
copyright notices on the relevant files.

Modified files:

Index: src/sys/dist/ipf/netinet/ip_fil_netbsd.c
diff -u src/sys/dist/ipf/netinet/ip_fil_netbsd.c:1.46.8.3 src/sys/dist/ipf/netinet/ip_fil_netbsd.c:1.46.8.4
--- src/sys/dist/ipf/netinet/ip_fil_netbsd.c:1.46.8.3	Sun Sep 12 18:59:01 2010
+++ src/sys/dist/ipf/netinet/ip_fil_netbsd.c	Mon Jan 21 20:18:35 2013
@@ -1,4 +1,4 @@
-/*	$NetBSD: ip_fil_netbsd.c,v 1.46.8.3 2010/09/12 18:59:01 snj Exp $	*/
+/*	$NetBSD: ip_fil_netbsd.c,v 1.46.8.4 2013/01/21 20:18:35 bouyer Exp $	*/
 
 /*
  * Copyright (C) 1993-2003 by Darren Reed.
@@ -8,7 +8,7 @@
 #if !defined(lint)
 #if defined(__NetBSD__)
 #include sys/cdefs.h
-__KERNEL_RCSID(0, $NetBSD: ip_fil_netbsd.c,v 1.46.8.3 2010/09/12 18:59:01 snj Exp $);
+__KERNEL_RCSID(0, $NetBSD: ip_fil_netbsd.c,v 1.46.8.4 2013/01/21 20:18:35 bouyer Exp $);
 #else
 static const char sccsid[] = @(#)ip_fil.c	2.41 6/5/96 (C) 1993-2000 Darren Reed;
 static const char rcsid[] = @(#)Id: ip_fil_netbsd.c,v 2.55.2.59 2008/03/01 23:16:38 darrenr Exp;
@@ -958,7 +958,7 @@ int dst;
 
 	code = fin-fin_icode;
 #ifdef USE_INET6
-	if ((code  0) || (code  sizeof(icmptoicmp6unreach)/sizeof(int)))
+	if ((code  0) || (code = sizeof(icmptoicmp6unreach)/sizeof(int)))
 		return -1;
 #endif
 

CVS commit: [netbsd-5] src/sys/dist/ipf/netinet

[Soren Jacobsen]

Module Name:src
Committed By:   snj
Date:   Sun Sep 12 18:59:02 UTC 2010

Modified Files:
src/sys/dist/ipf/netinet [netbsd-5]: ip_fil_netbsd.c

Log Message:
Pull up following revision(s) (requested by mlelstv in ticket #1453):
sys/dist/ipf/netinet/ip_fil_netbsd.c: revision 1.56
Fix mbuf corruption when sending ICMP errors for blocked IPv6
packets due to wrong buffer size computations. The corrupted
mbufs could lead to a panic.
Fix computation of link mtu where the link mtu itself is unspecified.
Limit ICMP error packets for IPv6 to MMTU as required by RFC4443. This
also avoids dropped errors when the length exceeds the link mtu.


To generate a diff of this commit:
cvs rdiff -u -r1.46.8.2 -r1.46.8.3 src/sys/dist/ipf/netinet/ip_fil_netbsd.c

Please note that diffs are not public domain; they are subject to the
copyright notices on the relevant files.

Modified files:

Index: src/sys/dist/ipf/netinet/ip_fil_netbsd.c
diff -u src/sys/dist/ipf/netinet/ip_fil_netbsd.c:1.46.8.2 src/sys/dist/ipf/netinet/ip_fil_netbsd.c:1.46.8.3
--- src/sys/dist/ipf/netinet/ip_fil_netbsd.c:1.46.8.2	Mon May 11 20:02:43 2009
+++ src/sys/dist/ipf/netinet/ip_fil_netbsd.c	Sun Sep 12 18:59:01 2010
@@ -1,4 +1,4 @@
-/*	$NetBSD: ip_fil_netbsd.c,v 1.46.8.2 2009/05/11 20:02:43 bouyer Exp $	*/
+/*	$NetBSD: ip_fil_netbsd.c,v 1.46.8.3 2010/09/12 18:59:01 snj Exp $	*/
 
 /*
  * Copyright (C) 1993-2003 by Darren Reed.
@@ -8,7 +8,7 @@
 #if !defined(lint)
 #if defined(__NetBSD__)
 #include sys/cdefs.h
-__KERNEL_RCSID(0, $NetBSD: ip_fil_netbsd.c,v 1.46.8.2 2009/05/11 20:02:43 bouyer Exp $);
+__KERNEL_RCSID(0, $NetBSD: ip_fil_netbsd.c,v 1.46.8.3 2010/09/12 18:59:01 snj Exp $);
 #else
 static const char sccsid[] = @(#)ip_fil.c	2.41 6/5/96 (C) 1993-2000 Darren Reed;
 static const char rcsid[] = @(#)Id: ip_fil_netbsd.c,v 2.55.2.59 2008/03/01 23:16:38 darrenr Exp;
@@ -1002,6 +1002,7 @@
 
 		hlen = sizeof(ip_t);
 		ohlen = fin-fin_hlen;
+		iclen = hlen + offsetof(struct icmp, icmp_ip) + ohlen;
 		if (fin-fin_hlen  fin-fin_plen)
 			xtra = MIN(fin-fin_dlen, 8);
 		else
@@ -1012,12 +1013,12 @@
 	else if (fin-fin_v == 6) {
 		hlen = sizeof(ip6_t);
 		ohlen = sizeof(ip6_t);
+		iclen = hlen + offsetof(struct icmp, icmp_ip) + ohlen;
 		type = icmptoicmp6types[type];
 		if (type == ICMP6_DST_UNREACH)
 			code = icmptoicmp6unreach[code];
 
-		if (hlen + sizeof(*icmp) + max_linkhdr +
-		fin-fin_plen  avail) {
+		if (iclen + max_linkhdr + fin-fin_plen  avail) {
 			MCLGET(m, M_DONTWAIT);
 			if (m == NULL)
 return -1;
@@ -1028,7 +1029,14 @@
 			avail = MCLBYTES;
 		}
 		xtra = MIN(fin-fin_plen,
-			   avail - hlen - sizeof(*icmp) - max_linkhdr);
+			   avail - iclen - max_linkhdr);
+		/* RFC4443 asks for 'as much of invoking packet
+		 * as possible without the ICMPv6 packet exceeding
+		 * the minimum IPv6 MTU'
+		 * fr_send_ip also drops packets larger than the
+		 * link mtu
+		 */
+		xtra = MIN(xtra, IPV6_MMTU - iclen);
 		if (dst == 0) {
 			if (fr_ifpaddr(6, FRI_NORMAL, ifp,
    (struct in_addr *)dst6, NULL) == -1) {
@@ -1044,7 +1052,6 @@
 		return -1;
 	}
 
-	iclen = hlen + sizeof(*icmp);
 	avail -= (max_linkhdr + iclen);
 	if (avail  0) {
 		FREE_MB_T(m);
@@ -1531,9 +1538,7 @@
 
 	{
 # if (__NetBSD_Version__ = 10601)
-#  if (__NetBSD_Version__ = 399001400)
-		struct in6_ifextra *ife;
-#  else
+#  if (__NetBSD_Version__  399001400)
 		struct in6_addr finaldst = fin-fin_dst6;
 		int frag;
 #  endif
@@ -1553,8 +1558,7 @@
 		mtu = nd_ifinfo[ifp-if_index].linkmtu;
 # else
 #  if (__NetBSD_Version__ = 399001400)
-		ife = (struct in6_ifextra *)(ifp)-if_afdata[AF_INET6];
-		mtu = ife-nd_ifinfo[ifp-if_index].linkmtu;
+		mtu = IN6_LINKMTU(ifp);
 #  else
 		error = ip6_getpmtu(ro, ro, ifp, finaldst, mtu, frag);
 #  endif