CVS commit: [netbsd-7] src/sys/external/bsd/ipf/netinet

2019-08-09 Thread Martin Husemann
Module Name:src
Committed By:   martin
Date:   Fri Aug  9 19:24:22 UTC 2019

Modified Files:
src/sys/external/bsd/ipf/netinet [netbsd-7]: fil.c

Log Message:
Pull up following revision(s) (requested by christos in ticket #1701):

sys/external/bsd/ipf/netinet/fil.c: revision 1.30

PR/54443: Edgar Fuß: ipf mistakenly regards UDP packet with checksum field
0x as bad


To generate a diff of this commit:
cvs rdiff -u -r1.15.2.3 -r1.15.2.4 src/sys/external/bsd/ipf/netinet/fil.c

Please note that diffs are not public domain; they are subject to the
copyright notices on the relevant files.



CVS commit: [netbsd-7] src/sys/external/bsd/ipf/netinet

2019-08-09 Thread Martin Husemann
Module Name:src
Committed By:   martin
Date:   Fri Aug  9 19:24:22 UTC 2019

Modified Files:
src/sys/external/bsd/ipf/netinet [netbsd-7]: fil.c

Log Message:
Pull up following revision(s) (requested by christos in ticket #1701):

sys/external/bsd/ipf/netinet/fil.c: revision 1.30

PR/54443: Edgar Fuß: ipf mistakenly regards UDP packet with checksum field
0x as bad


To generate a diff of this commit:
cvs rdiff -u -r1.15.2.3 -r1.15.2.4 src/sys/external/bsd/ipf/netinet/fil.c

Please note that diffs are not public domain; they are subject to the
copyright notices on the relevant files.

Modified files:

Index: src/sys/external/bsd/ipf/netinet/fil.c
diff -u src/sys/external/bsd/ipf/netinet/fil.c:1.15.2.3 src/sys/external/bsd/ipf/netinet/fil.c:1.15.2.4
--- src/sys/external/bsd/ipf/netinet/fil.c:1.15.2.3	Thu Jun 29 12:24:10 2017
+++ src/sys/external/bsd/ipf/netinet/fil.c	Fri Aug  9 19:24:22 2019
@@ -1,4 +1,4 @@
-/*	$NetBSD: fil.c,v 1.15.2.3 2017/06/29 12:24:10 sborrill Exp $	*/
+/*	$NetBSD: fil.c,v 1.15.2.4 2019/08/09 19:24:22 martin Exp $	*/
 
 /*
  * Copyright (C) 2012 by Darren Reed.
@@ -138,7 +138,7 @@ extern struct timeout ipf_slowtimer_ch;
 #if !defined(lint)
 #if defined(__NetBSD__)
 #include 
-__KERNEL_RCSID(0, "$NetBSD: fil.c,v 1.15.2.3 2017/06/29 12:24:10 sborrill Exp $");
+__KERNEL_RCSID(0, "$NetBSD: fil.c,v 1.15.2.4 2019/08/09 19:24:22 martin Exp $");
 #else
 static const char sccsid[] = "@(#)fil.c	1.36 6/5/96 (C) 1993-2000 Darren Reed";
 static const char rcsid[] = "@(#)Id: fil.c,v 1.1.1.2 2012/07/22 13:45:07 darrenr Exp $";
@@ -6474,8 +6474,11 @@ ipf_checkl4sum(fr_info_t *fin)
 		/*NOTREACHED*/
 	}
 
-	if (csump != NULL)
+	if (csump != NULL) {
 		hdrsum = *csump;
+		if (fin->fin_p == IPPROTO_UDP && hdrsum == 0x)
+			hdrsum = 0x;
+	}
 
 	if (dosum) {
 		sum = fr_cksum(fin, fin->fin_ip, fin->fin_p, fin->fin_dp);
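Review bot: The two added lines in ipf_checkl4sum have no comment explaining why a UDP header checksum is rewritten before it is compared, and in this listing both hex constants are cut down to a bare `0x`, so the values cannot be confirmed from the page. RFC 768 has a sender transmit an all-ones field when the computed checksum is zero and reserves a zero field for "no checksum", which is presumably what this normalisation encodes; a one-line comment such as `/* RFC 768: a computed checksum of zero is sent as all ones */` above the inner `if` would record that. It is also worth confirming that a datagram arriving with a zero checksum field (checksum not used) is handled before this point, so it is not conflated with the normalised value. The function body starts and ends outside the hunk.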



CVS commit: [netbsd-7] src/sys/external/bsd/ipf/netinet

2018-01-03 Thread Soren Jacobsen
Module Name:src
Committed By:   snj
Date:   Wed Jan  3 19:30:45 UTC 2018

Modified Files:
src/sys/external/bsd/ipf/netinet [netbsd-7]: ip_state.c

Log Message:
Pull up following revision(s) (requested by sborrill in ticket #1525):
sys/external/bsd/ipf/netinet/ip_state.c: 1.9-1.10
When growing the state, remember to grow the seed array, otherwise we'll end
up accessing memory we did not allocate.
--
put back the cast.


To generate a diff of this commit:
cvs rdiff -u -r1.6.4.1 -r1.6.4.2 src/sys/external/bsd/ipf/netinet/ip_state.c

Please note that diffs are not public domain; they are subject to the
copyright notices on the relevant files.

Modified files:

Index: src/sys/external/bsd/ipf/netinet/ip_state.c
diff -u src/sys/external/bsd/ipf/netinet/ip_state.c:1.6.4.1 src/sys/external/bsd/ipf/netinet/ip_state.c:1.6.4.2
--- src/sys/external/bsd/ipf/netinet/ip_state.c:1.6.4.1	Thu Jun 29 12:24:10 2017
+++ src/sys/external/bsd/ipf/netinet/ip_state.c	Wed Jan  3 19:30:45 2018
@@ -1,4 +1,4 @@
-/*	$NetBSD: ip_state.c,v 1.6.4.1 2017/06/29 12:24:10 sborrill Exp $	*/
+/*	$NetBSD: ip_state.c,v 1.6.4.2 2018/01/03 19:30:45 snj Exp $	*/
 
 /*
  * Copyright (C) 2012 by Darren Reed.
@@ -100,7 +100,7 @@ struct file;
 #if !defined(lint)
 #if defined(__NetBSD__)
 #include 
-__KERNEL_RCSID(0, "$NetBSD: ip_state.c,v 1.6.4.1 2017/06/29 12:24:10 sborrill Exp $");
+__KERNEL_RCSID(0, "$NetBSD: ip_state.c,v 1.6.4.2 2018/01/03 19:30:45 snj Exp $");
 #else
 static const char sccsid[] = "@(#)ip_state.c	1.8 6/5/96 (C) 1993-2000 Darren Reed";
 static const char rcsid[] = "@(#)Id: ip_state.c,v 1.1.1.2 2012/07/22 13:45:37 darrenr Exp";
@@ -298,6 +298,32 @@ ipf_state_soft_destroy(ipf_main_softc_t 
 	KFREE(softs);
 }
 
+static void *
+ipf_state_seed_alloc(u_int state_size, u_int state_max)
+{
+	u_int i;
+	u_long *state_seed;
+	KMALLOCS(state_seed, u_long *, state_size * sizeof(*state_seed));
+	if (state_seed == NULL)
+		return NULL;
+
+	for (i = 0; i < state_size; i++) {
+		/*
+		 * XXX - ipf_state_seed[X] should be a random number of sorts.
+		 */
+#if !defined(NEED_LOCAL_RAND) && defined(_KERNEL)
+		state_seed[i] = cprng_fast32();
+#else
+		state_seed[i] = ((u_long)state_seed + i) * state_size;
+		state_seed[i] ^= 0xa5a55a5a;
+		state_seed[i] *= (u_long)state_seed;
+		state_seed[i] ^= 0x5a5aa5a5;
+		state_seed[i] *= state_max;
+#endif
+	}
+	return state_seed;
+}
+
 
 /*  */
 /* Function:ipf_state_soft_init */
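Review bot: ipf_state_seed_alloc is declared `static void *` although it always returns a `u_long *`, so both callers assign the result with no type checking; `static u_long *` would keep the element type visible, which matters because the array is later freed with a size built from `sizeof(*softs->ipf_state_seed)`. The size `state_size * sizeof(*state_seed)` is computed without an overflow check; the other table allocations visible in this diff use the same form, so it may be fine if the tunable is bounded elsewhere, but that bound is not visible here. The new function also lacks the banner comment the file uses for its other functions, which should say that the caller owns the returned array and must free it with the same element count. The `#else` branch still derives seeds from the allocation address and the table sizes, as the retained XXX comment concedes.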
@@ -328,27 +354,11 @@ ipf_state_soft_init(ipf_main_softc_t *so
 	bzero((char *)softs->ipf_state_table,
 	  softs->ipf_state_size * sizeof(ipstate_t *));
 
-	KMALLOCS(softs->ipf_state_seed, u_long *,
-		 softs->ipf_state_size * sizeof(*softs->ipf_state_seed));
+	softs->ipf_state_seed = ipf_state_seed_alloc(softs->ipf_state_size,
+	softs->ipf_state_max);
 	if (softs->ipf_state_seed == NULL)
 		return -2;
 
-	for (i = 0; i < softs->ipf_state_size; i++) {
-		/*
-		 * XXX - ipf_state_seed[X] should be a random number of sorts.
-		 */
-#if !defined(NEED_LOCAL_RAND) && defined(_KERNEL)
-		softs->ipf_state_seed[i] = cprng_fast32();
-#else
-		softs->ipf_state_seed[i] = ((u_long)softs->ipf_state_seed + i) *
-softs->ipf_state_size;
-		softs->ipf_state_seed[i] ^= 0xa5a55a5a;
-		softs->ipf_state_seed[i] *= (u_long)softs->ipf_state_seed;
-		softs->ipf_state_seed[i] ^= 0x5a5aa5a5;
-		softs->ipf_state_seed[i] *= softs->ipf_state_max;
-#endif
-	}
-
 	KMALLOCS(softs->ipf_state_stats.iss_bucketlen, u_int *,
 		 softs->ipf_state_size * sizeof(u_int));
 	if (softs->ipf_state_stats.iss_bucketlen == NULL)
@@ -5137,6 +5147,7 @@ ipf_state_rehash(ipf_main_softc_t *softc
 {
 	ipf_state_softc_t *softs = softc->ipf_state_soft;
 	ipstate_t **newtab, *is;
+	u_long *newseed;
 	u_int *bucketlens;
 	u_int maxbucket;
 	u_int newsize;
@@ -5163,6 +5174,14 @@ ipf_state_rehash(ipf_main_softc_t *softc
 		return ENOMEM;
 	}
 
+	newseed = ipf_state_seed_alloc(newsize, softs->ipf_state_max);
+	if (newseed == NULL) {
+		KFREES(bucketlens, newsize * sizeof(*bucketlens));
+		KFREES(newtab, newsize * sizeof(*newtab));
+		IPFERROR(100037);
+		return ENOMEM;
+	}
+
 	for (maxbucket = 0, i = newsize; i > 0; i >>= 1)
 		maxbucket++;
 	maxbucket *= 2;
@@ -5178,6 +5197,12 @@ ipf_state_rehash(ipf_main_softc_t *softc
 	}
 	softs->ipf_state_table = newtab;
 
+	if (softs->ipf_state_seed != NULL) {
+		KFREES(softs->ipf_state_seed,
+		   softs->ipf_state_size * sizeof(*softs->ipf_state_seed));
+	}
+	softs->ipf_state_seed = newseed;
+
 	if (softs->ipf_state_stats.iss_bucketlen != NULL) {
 		KFREES(softs->ipf_state_stats.iss_bucketlen,
 		   softs->ipf_state_size * sizeof(u_int));
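Review bot: The old seed array is freed with a length taken from `softs->ipf_state_size`, which is only right if that field still holds the pre-rehash size at this point; the assignment of the new size is outside the hunk, so the ordering cannot be confirmed from here. The bucketlen free just below depends on the same ordering, so one comment would protect both, for example `/* ipf_state_size is still the old size; it is updated after the old arrays are released */`. A mismatch between the seed array length and the table size is the bug this commit fixes, so stating the invariant next to the swap is worth the line. ipf_state_rehash starts and ends outside the hunk.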



CVS commit: [netbsd-7] src/sys/external/bsd/ipf/netinet

2018-01-03 Thread Soren Jacobsen
Module Name:src
Committed By:   snj
Date:   Wed Jan  3 19:30:45 UTC 2018

Modified Files:
src/sys/external/bsd/ipf/netinet [netbsd-7]: ip_state.c

Log Message:
Pull up following revision(s) (requested by sborrill in ticket #1525):
sys/external/bsd/ipf/netinet/ip_state.c: 1.9-1.10
When growing the state, remember to grow the seed array, otherwise we'll end
up accessing memory we did not allocate.
--
put back the cast.


To generate a diff of this commit:
cvs rdiff -u -r1.6.4.1 -r1.6.4.2 src/sys/external/bsd/ipf/netinet/ip_state.c

Please note that diffs are not public domain; they are subject to the
copyright notices on the relevant files.



CVS commit: [netbsd-7] src/sys/external/bsd/ipf/netinet

2017-06-29 Thread Stephen Borrill
Module Name:src
Committed By:   sborrill
Date:   Thu Jun 29 12:24:10 UTC 2017

Modified Files:
src/sys/external/bsd/ipf/netinet [netbsd-7]: fil.c ip_frag.c ip_state.c

Log Message:
Pull up the following revisions(s) (requested by christos in ticket #1412):
sys/external/bsd/ipf/netinet/fil.c: revision 1.20
sys/external/bsd/ipf/netinet/ip_state.c:revision 1.7
sys/external/bsd/ipf/netinet/ip_frag.c: revision 1.5

Disconnect maintaining fragment state from keeping session state. The user
now must specify keep frags along with keep state to have ipfilter do what
it did before, as documented in ipf.conf.5.
Free the right fragment. Freeing the wrong one causes use-after-free issues and
eventually a panic.


To generate a diff of this commit:
cvs rdiff -u -r1.15.2.2 -r1.15.2.3 src/sys/external/bsd/ipf/netinet/fil.c
cvs rdiff -u -r1.3 -r1.3.14.1 src/sys/external/bsd/ipf/netinet/ip_frag.c
cvs rdiff -u -r1.6 -r1.6.4.1 src/sys/external/bsd/ipf/netinet/ip_state.c

Please note that diffs are not public domain; they are subject to the
copyright notices on the relevant files.

Modified files:

Index: src/sys/external/bsd/ipf/netinet/fil.c
diff -u src/sys/external/bsd/ipf/netinet/fil.c:1.15.2.2 src/sys/external/bsd/ipf/netinet/fil.c:1.15.2.3
--- src/sys/external/bsd/ipf/netinet/fil.c:1.15.2.2	Fri Apr 29 19:00:40 2016
+++ src/sys/external/bsd/ipf/netinet/fil.c	Thu Jun 29 12:24:10 2017
@@ -1,4 +1,4 @@
-/*	$NetBSD: fil.c,v 1.15.2.2 2016/04/29 19:00:40 snj Exp $	*/
+/*	$NetBSD: fil.c,v 1.15.2.3 2017/06/29 12:24:10 sborrill Exp $	*/
 
 /*
  * Copyright (C) 2012 by Darren Reed.
@@ -138,7 +138,7 @@ extern struct timeout ipf_slowtimer_ch;
 #if !defined(lint)
 #if defined(__NetBSD__)
 #include 
-__KERNEL_RCSID(0, "$NetBSD: fil.c,v 1.15.2.2 2016/04/29 19:00:40 snj Exp $");
+__KERNEL_RCSID(0, "$NetBSD: fil.c,v 1.15.2.3 2017/06/29 12:24:10 sborrill Exp $");
 #else
 static const char sccsid[] = "@(#)fil.c	1.36 6/5/96 (C) 1993-2000 Darren Reed";
 static const char rcsid[] = "@(#)Id: fil.c,v 1.1.1.2 2012/07/22 13:45:07 darrenr Exp $";
@@ -2689,7 +2689,7 @@ ipf_firewall(fr_info_t *fin, u_32_t *pas
 	 * If the rule has "keep frag" and the packet is actually a fragment,
 	 * then create a fragment state entry.
 	 */
-	if ((pass & (FR_KEEPFRAG|FR_KEEPSTATE)) == FR_KEEPFRAG) {
+	if (pass & FR_KEEPFRAG) {
 		if (fin->fin_flx & FI_FRAG) {
 			if (ipf_frag_new(softc, fin, pass) == -1) {
 LBUMP(ipf_stats[out].fr_bnfr);

Index: src/sys/external/bsd/ipf/netinet/ip_frag.c
diff -u src/sys/external/bsd/ipf/netinet/ip_frag.c:1.3 src/sys/external/bsd/ipf/netinet/ip_frag.c:1.3.14.1
--- src/sys/external/bsd/ipf/netinet/ip_frag.c:1.3	Sun Jul 22 14:27:51 2012
+++ src/sys/external/bsd/ipf/netinet/ip_frag.c	Thu Jun 29 12:24:10 2017
@@ -1,4 +1,4 @@
-/*	$NetBSD: ip_frag.c,v 1.3 2012/07/22 14:27:51 darrenr Exp $	*/
+/*	$NetBSD: ip_frag.c,v 1.3.14.1 2017/06/29 12:24:10 sborrill Exp $	*/
 
 /*
  * Copyright (C) 2012 by Darren Reed.
@@ -87,7 +87,7 @@ struct file;
 #if !defined(lint)
 #if defined(__NetBSD__)
 #include 
-__KERNEL_RCSID(0, "$NetBSD: ip_frag.c,v 1.3 2012/07/22 14:27:51 darrenr Exp $");
+__KERNEL_RCSID(0, "$NetBSD: ip_frag.c,v 1.3.14.1 2017/06/29 12:24:10 sborrill Exp $");
 #else
 static const char sccsid[] = "@(#)ip_frag.c	1.11 3/24/96 (C) 1993-2000 Darren Reed";
 static const char rcsid[] = "@(#)Id: ip_frag.c,v 1.1.1.2 2012/07/22 13:45:17 darrenr Exp";
@@ -468,7 +468,7 @@ ipfr_frag_new(
 			  IPFR_CMPSZ)) {
 			RWLOCK_EXIT(lock);
 			FBUMPD(ifs_exists);
-			KFREE(fra);
+			KFREE(fran);
 			return NULL;
 		}
 
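Review bot: `fra` and `fran` differ by a single character, and nothing in the hunk says which is the entry already in the table and which is the one just allocated, which is how the wrong one came to be freed. Going by the `ifs_exists` counter this is the duplicate-found path, so presumably `fran` is the new, not yet linked allocation and `fra` is the live entry; a comment on the free such as `/* discard the new entry; fra is still linked in the table */` would make that explicit. Renaming one of the two locals would be better still, but both are declared outside the hunk. The function body starts and ends outside the hunk.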

Index: src/sys/external/bsd/ipf/netinet/ip_state.c
diff -u src/sys/external/bsd/ipf/netinet/ip_state.c:1.6 src/sys/external/bsd/ipf/netinet/ip_state.c:1.6.4.1
--- src/sys/external/bsd/ipf/netinet/ip_state.c:1.6	Sat Sep 14 12:16:11 2013
+++ src/sys/external/bsd/ipf/netinet/ip_state.c	Thu Jun 29 12:24:10 2017
@@ -1,4 +1,4 @@
-/*	$NetBSD: ip_state.c,v 1.6 2013/09/14 12:16:11 martin Exp $	*/
+/*	$NetBSD: ip_state.c,v 1.6.4.1 2017/06/29 12:24:10 sborrill Exp $	*/
 
 /*
  * Copyright (C) 2012 by Darren Reed.
@@ -100,7 +100,7 @@ struct file;
 #if !defined(lint)
 #if defined(__NetBSD__)
 #include 
-__KERNEL_RCSID(0, "$NetBSD: ip_state.c,v 1.6 2013/09/14 12:16:11 martin Exp $");
+__KERNEL_RCSID(0, "$NetBSD: ip_state.c,v 1.6.4.1 2017/06/29 12:24:10 sborrill Exp $");
 #else
 static const char sccsid[] = "@(#)ip_state.c	1.8 6/5/96 (C) 1993-2000 Darren Reed";
 static const char rcsid[] = "@(#)Id: ip_state.c,v 1.1.1.2 2012/07/22 13:45:37 darrenr Exp";
@@ -3341,7 +3341,8 @@ ipf_state_check(fr_info_t *fin, u_32_t *
 	 * If this packet is a fragment and the rule says to track fragments,
 	 * then create a new fragment cache entry.
 	 */
-	if ((fin->fin_flx & FI_FRAG) && FR_ISPASS(is->is_pass))
+	if (fin->fin_flx & FI_FRAG && FR_ISPASS(is->is_pass) &&
+	   is->is_pass & FR_KEEPFRAG)
 		(void) ipf_frag_new(softc, fin, is->is_pass);
 
 	/*
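Review bot: The rewritten condition drops the parentheses around the bit tests, leaving `fin->fin_flx & FI_FRAG && ... && is->is_pass & FR_KEEPFRAG`; precedence makes this correct, but the removed line parenthesised its mask test, and `(fin->fin_flx & FI_FRAG) && FR_ISPASS(is->is_pass) && (is->is_pass & FR_KEEPFRAG)` is harder to misread. The result of ipf_frag_new is still discarded with `(void)`, whereas the fil.c caller in this commit counts a failure in `fr_bnfr`; if a failed insert on this path should be visible to operators, a counter bump here would be consistent. ipf_state_check starts and ends outside the hunk.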



CVS commit: [netbsd-7] src/sys/external/bsd/ipf/netinet

2017-06-29 Thread Stephen Borrill
Module Name:src
Committed By:   sborrill
Date:   Thu Jun 29 12:24:10 UTC 2017

Modified Files:
src/sys/external/bsd/ipf/netinet [netbsd-7]: fil.c ip_frag.c ip_state.c

Log Message:
Pull up the following revisions(s) (requested by christos in ticket #1412):
sys/external/bsd/ipf/netinet/fil.c: revision 1.20
sys/external/bsd/ipf/netinet/ip_state.c:revision 1.7
sys/external/bsd/ipf/netinet/ip_frag.c: revision 1.5

Disconnect maintaining fragment state from keeping session state. The user
now must specify keep frags along with keep state to have ipfilter do what
it did before, as documented in ipf.conf.5.
Free the right fragment. Freeing the wrong one causes use-after-free issues and
eventually a panic.


To generate a diff of this commit:
cvs rdiff -u -r1.15.2.2 -r1.15.2.3 src/sys/external/bsd/ipf/netinet/fil.c
cvs rdiff -u -r1.3 -r1.3.14.1 src/sys/external/bsd/ipf/netinet/ip_frag.c
cvs rdiff -u -r1.6 -r1.6.4.1 src/sys/external/bsd/ipf/netinet/ip_state.c

Please note that diffs are not public domain; they are subject to the
copyright notices on the relevant files.



CVS commit: [netbsd-7] src/sys/external/bsd/ipf/netinet

2016-12-23 Thread Soren Jacobsen
Module Name:src
Committed By:   snj
Date:   Sat Dec 24 04:30:08 UTC 2016

Modified Files:
src/sys/external/bsd/ipf/netinet [netbsd-7]: ip_nat.c ip_nat6.c

Log Message:
Pull up following revision(s) (requested by sborrill in ticket #1261):
sys/external/bsd/ipf/netinet/ip_nat.c: revision 1.17
sys/external/bsd/ipf/netinet/ip_nat6.c: revision 1.10
Fix lookup of original destination address when using a redirect rule.
This is required for transparent proxying by squid, for example.


To generate a diff of this commit:
cvs rdiff -u -r1.13.2.2 -r1.13.2.3 src/sys/external/bsd/ipf/netinet/ip_nat.c
cvs rdiff -u -r1.7.4.1 -r1.7.4.2 src/sys/external/bsd/ipf/netinet/ip_nat6.c

Please note that diffs are not public domain; they are subject to the
copyright notices on the relevant files.

Modified files:

Index: src/sys/external/bsd/ipf/netinet/ip_nat.c
diff -u src/sys/external/bsd/ipf/netinet/ip_nat.c:1.13.2.2 src/sys/external/bsd/ipf/netinet/ip_nat.c:1.13.2.3
--- src/sys/external/bsd/ipf/netinet/ip_nat.c:1.13.2.2	Fri Apr 29 18:58:17 2016
+++ src/sys/external/bsd/ipf/netinet/ip_nat.c	Sat Dec 24 04:30:08 2016
@@ -1,4 +1,4 @@
-/*	$NetBSD: ip_nat.c,v 1.13.2.2 2016/04/29 18:58:17 snj Exp $	*/
+/*	$NetBSD: ip_nat.c,v 1.13.2.3 2016/12/24 04:30:08 snj Exp $	*/
 
 /*
  * Copyright (C) 2012 by Darren Reed.
@@ -113,7 +113,7 @@ extern struct ifnet vpnif;
 #if !defined(lint)
 #if defined(__NetBSD__)
 #include 
-__KERNEL_RCSID(0, "$NetBSD: ip_nat.c,v 1.13.2.2 2016/04/29 18:58:17 snj Exp $");
+__KERNEL_RCSID(0, "$NetBSD: ip_nat.c,v 1.13.2.3 2016/12/24 04:30:08 snj Exp $");
 #else
 static const char sccsid[] = "@(#)ip_nat.c	1.11 6/5/96 (C) 1995 Darren Reed";
 static const char rcsid[] = "@(#)Id: ip_nat.c,v 1.1.1.2 2012/07/22 13:45:27 darrenr Exp";
@@ -4620,8 +4620,8 @@ ipf_nat_lookupredir(ipf_main_softc_t *so
 }
 			}
 
-			np->nl_realip = nat->nat_ndstip;
-			np->nl_realport = nat->nat_ndport;
+			np->nl_realip = nat->nat_odstip;
+			np->nl_realport = nat->nat_odport;
 		}
  	}
 
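Review bot: Nothing in the code says why `nl_realip` and `nl_realport` are filled from the `nat_odst*` fields and not the `nat_ndst*` ones, and the two names differ by one letter, so a later edit could easily flip them back. A comment on the assignment, for example `/* report the original (pre-translation) destination, as a transparent proxy needs */`, would record the intent given in the log message. The same applies to the matching change in ipf_nat6_lookupredir in ip_nat6.c. Both function bodies extend outside their hunks.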

Index: src/sys/external/bsd/ipf/netinet/ip_nat6.c
diff -u src/sys/external/bsd/ipf/netinet/ip_nat6.c:1.7.4.1 src/sys/external/bsd/ipf/netinet/ip_nat6.c:1.7.4.2
--- src/sys/external/bsd/ipf/netinet/ip_nat6.c:1.7.4.1	Sat Aug  8 10:09:57 2015
+++ src/sys/external/bsd/ipf/netinet/ip_nat6.c	Sat Dec 24 04:30:08 2016
@@ -1,4 +1,4 @@
-/*	$NetBSD: ip_nat6.c,v 1.7.4.1 2015/08/08 10:09:57 martin Exp $	*/
+/*	$NetBSD: ip_nat6.c,v 1.7.4.2 2016/12/24 04:30:08 snj Exp $	*/
 
 /*
  * Copyright (C) 2012 by Darren Reed.
@@ -2470,8 +2470,8 @@ ipf_nat6_lookupredir(ipf_main_softc_t *s
 }
 			}
 
-			np->nl_realip6 = nat->nat_ndst6.in6;
-			np->nl_realport = nat->nat_ndport;
+			np->nl_realip6 = nat->nat_odst6.in6;
+			np->nl_realport = nat->nat_odport;
 		}
  	}
 



CVS commit: [netbsd-7] src/sys/external/bsd/ipf/netinet

2016-04-29 Thread Soren Jacobsen
Module Name:src
Committed By:   snj
Date:   Fri Apr 29 19:00:40 UTC 2016

Modified Files:
src/sys/external/bsd/ipf/netinet [netbsd-7]: fil.c

Log Message:
Pull up following revision(s) (requested by christos in ticket #1152):
sys/external/bsd/ipf/netinet/fil.c: revision 1.17
Comment out the mutex calls that protect against concurrent configuration
changes and processing. This needs to be done differently since you can't
sleep during interrupt processing.


To generate a diff of this commit:
cvs rdiff -u -r1.15.2.1 -r1.15.2.2 src/sys/external/bsd/ipf/netinet/fil.c

Please note that diffs are not public domain; they are subject to the
copyright notices on the relevant files.



CVS commit: [netbsd-7] src/sys/external/bsd/ipf/netinet

2016-04-29 Thread Soren Jacobsen
Module Name:src
Committed By:   snj
Date:   Fri Apr 29 19:00:40 UTC 2016

Modified Files:
src/sys/external/bsd/ipf/netinet [netbsd-7]: fil.c

Log Message:
Pull up following revision(s) (requested by christos in ticket #1152):
sys/external/bsd/ipf/netinet/fil.c: revision 1.17
Comment out the mutex calls that protect against concurrent configuration
changes and processing. This needs to be done differently since you can't
sleep during interrupt processing.


To generate a diff of this commit:
cvs rdiff -u -r1.15.2.1 -r1.15.2.2 src/sys/external/bsd/ipf/netinet/fil.c

Please note that diffs are not public domain; they are subject to the
copyright notices on the relevant files.

Modified files:

Index: src/sys/external/bsd/ipf/netinet/fil.c
diff -u src/sys/external/bsd/ipf/netinet/fil.c:1.15.2.1 src/sys/external/bsd/ipf/netinet/fil.c:1.15.2.2
--- src/sys/external/bsd/ipf/netinet/fil.c:1.15.2.1	Fri Apr 10 20:26:46 2015
+++ src/sys/external/bsd/ipf/netinet/fil.c	Fri Apr 29 19:00:40 2016
@@ -1,4 +1,4 @@
-/*	$NetBSD: fil.c,v 1.15.2.1 2015/04/10 20:26:46 snj Exp $	*/
+/*	$NetBSD: fil.c,v 1.15.2.2 2016/04/29 19:00:40 snj Exp $	*/
 
 /*
  * Copyright (C) 2012 by Darren Reed.
@@ -138,7 +138,7 @@ extern struct timeout ipf_slowtimer_ch;
 #if !defined(lint)
 #if defined(__NetBSD__)
 #include 
-__KERNEL_RCSID(0, "$NetBSD: fil.c,v 1.15.2.1 2015/04/10 20:26:46 snj Exp $");
+__KERNEL_RCSID(0, "$NetBSD: fil.c,v 1.15.2.2 2016/04/29 19:00:40 snj Exp $");
 #else
 static const char sccsid[] = "@(#)fil.c	1.36 6/5/96 (C) 1993-2000 Darren Reed";
 static const char rcsid[] = "@(#)Id: fil.c,v 1.1.1.2 2012/07/22 13:45:07 darrenr Exp $";
@@ -2916,7 +2916,9 @@ ipf_check(void *ctx, ip_t *ip, int hlen,
 		LBUMPD(ipf_stats[out], fr_short);
 	}
 
+#if 0
 	READ_ENTER(>ipf_mutex);
+#endif
 
 	if (!out) {
 		switch (fin->fin_v)
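Review bot: The `#if 0` around `READ_ENTER` has no comment in the code saying why the lock is compiled out or what is left unprotected, so a reader of fil.c sees only a disabled lock. The log message gives the reason (the path runs during interrupt processing, where sleeping is not allowed) and says a different mechanism is needed; until then ipf_check runs without the read lock against concurrent configuration changes, which should be stated at the site, e.g. `/* XXX lock disabled: cannot sleep in interrupt context; rules are unprotected against concurrent configuration changes */`. The two later hunks that disable the matching `RWLOCK_EXIT` calls need the same marker, and a named macro in place of a bare `#if 0` would let all three be found and re-enabled together. ipf_check starts and ends outside the hunk.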
@@ -3048,9 +3050,10 @@ filterdone:
 		fr->fr_ref++;
 		MUTEX_EXIT(>fr_lock);
 	}
-
+#if 0
 	RWLOCK_EXIT(>ipf_mutex);
 #endif
+#endif
 
 	if ((pass & FR_RETMASK) != 0) {
 		/*
@@ -3146,8 +3149,10 @@ filterdone:
 #endif
 	}
 #if !defined(FASTROUTE_RECURSION)
+#if 0
 	RWLOCK_EXIT(>ipf_mutex);
 #endif
+#endif
 
 finished:
 	if (!FR_ISPASS(pass)) {



CVS commit: [netbsd-7] src/sys/external/bsd/ipf/netinet

2016-04-29 Thread Soren Jacobsen
Module Name:src
Committed By:   snj
Date:   Fri Apr 29 18:58:17 UTC 2016

Modified Files:
src/sys/external/bsd/ipf/netinet [netbsd-7]: ip_nat.c

Log Message:
Pull up following revision(s) (requested by khorben in ticket #1148):
sys/external/bsd/ipf/netinet/ip_nat.c: revision 1.16
Fix matching of ICMP queries when NAT'd through IPF
This notably fixes MTU updates for hosts issuing ICMP queries through a
NAT performed by NetBSD with IPF.


To generate a diff of this commit:
cvs rdiff -u -r1.13.2.1 -r1.13.2.2 src/sys/external/bsd/ipf/netinet/ip_nat.c

Please note that diffs are not public domain; they are subject to the
copyright notices on the relevant files.



CVS commit: [netbsd-7] src/sys/external/bsd/ipf/netinet

2015-08-08 Thread Martin Husemann
Module Name:src
Committed By:   martin
Date:   Sat Aug  8 10:09:57 UTC 2015

Modified Files:
src/sys/external/bsd/ipf/netinet [netbsd-7]: ip_nat.c ip_nat.h
ip_nat6.c

Log Message:
Pull up following revision(s) (requested by prlw1 in ticket #939):
sys/external/bsd/ipf/netinet/ip_nat.h: revision 1.7
sys/external/bsd/ipf/netinet/ip_nat.c: revision 1.14
sys/external/bsd/ipf/netinet/ip_nat6.c: revision 1.8
Avoid panic in SIOCGNATL dereferencing a NULL softc.
Solution suggestion from Martin Husemann.


To generate a diff of this commit:
cvs rdiff -u -r1.13 -r1.13.2.1 src/sys/external/bsd/ipf/netinet/ip_nat.c
cvs rdiff -u -r1.6 -r1.6.12.1 src/sys/external/bsd/ipf/netinet/ip_nat.h
cvs rdiff -u -r1.7 -r1.7.4.1 src/sys/external/bsd/ipf/netinet/ip_nat6.c

Please note that diffs are not public domain; they are subject to the
copyright notices on the relevant files.

Modified files:

Index: src/sys/external/bsd/ipf/netinet/ip_nat.c
diff -u src/sys/external/bsd/ipf/netinet/ip_nat.c:1.13 src/sys/external/bsd/ipf/netinet/ip_nat.c:1.13.2.1
--- src/sys/external/bsd/ipf/netinet/ip_nat.c:1.13	Sat Jul 12 14:54:32 2014
+++ src/sys/external/bsd/ipf/netinet/ip_nat.c	Sat Aug  8 10:09:57 2015
@@ -1,4 +1,4 @@
-/*	$NetBSD: ip_nat.c,v 1.13 2014/07/12 14:54:32 darrenr Exp $	*/
+/*	$NetBSD: ip_nat.c,v 1.13.2.1 2015/08/08 10:09:57 martin Exp $	*/
 
 /*
  * Copyright (C) 2012 by Darren Reed.
@@ -113,7 +113,7 @@ extern struct ifnet vpnif;
 #if !defined(lint)
 #if defined(__NetBSD__)
 #include sys/cdefs.h
-__KERNEL_RCSID(0, $NetBSD: ip_nat.c,v 1.13 2014/07/12 14:54:32 darrenr Exp $);
+__KERNEL_RCSID(0, $NetBSD: ip_nat.c,v 1.13.2.1 2015/08/08 10:09:57 martin Exp $);
 #else
 static const char sccsid[] = @(#)ip_nat.c	1.11 6/5/96 (C) 1995 Darren Reed;
 static const char rcsid[] = @(#)Id: ip_nat.c,v 1.1.1.2 2012/07/22 13:45:27 darrenr Exp;
@@ -1227,11 +1227,11 @@ ipf_nat_ioctl(ipf_main_softc_t *softc, v
 			switch (nl.nl_v)
 			{
 			case 4 :
-ptr = ipf_nat_lookupredir(nl);
+ptr = ipf_nat_lookupredir(softc, nl);
 break;
 #ifdef USE_INET6
 			case 6 :
-ptr = ipf_nat6_lookupredir(nl);
+ptr = ipf_nat6_lookupredir(softc, nl);
 break;
 #endif
 			default:
@@ -4574,12 +4574,13 @@ find_out_wild_ports:
 /* nl_out* = destination information (translated)   */
 /*  */
 nat_t *
-ipf_nat_lookupredir(natlookup_t *np)
+ipf_nat_lookupredir(ipf_main_softc_t *softc, natlookup_t *np)
 {
 	fr_info_t fi;
 	nat_t *nat;
 
 	bzero((char *)fi, sizeof(fi));
+	fi.fin_main_soft = softc;
 	if (np-nl_flags  IPN_IN) {
 		fi.fin_data[0] = ntohs(np-nl_realport);
 		fi.fin_data[1] = ntohs(np-nl_outport);
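Review bot: The new `softc` argument is stored into `fi.fin_main_soft` with no comment saying what reads it, so the line looks like dead initialisation of a zeroed structure. Presumably the lookup routines called further down reach the softc through that field (they are outside the hunk, so this needs confirming); a note such as `/* lookups below dereference fin_main_soft */` would keep the assignment from being removed again. If the banner comment above the function has a Parameters list, it also needs an entry for `softc`; only its last two lines are visible here. The function continues past the end of the hunk.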

Index: src/sys/external/bsd/ipf/netinet/ip_nat.h
diff -u src/sys/external/bsd/ipf/netinet/ip_nat.h:1.6 src/sys/external/bsd/ipf/netinet/ip_nat.h:1.6.12.1
--- src/sys/external/bsd/ipf/netinet/ip_nat.h:1.6	Wed Jan  9 13:23:20 2013
+++ src/sys/external/bsd/ipf/netinet/ip_nat.h	Sat Aug  8 10:09:57 2015
@@ -1,4 +1,4 @@
-/*	$NetBSD: ip_nat.h,v 1.6 2013/01/09 13:23:20 christos Exp $	*/
+/*	$NetBSD: ip_nat.h,v 1.6.12.1 2015/08/08 10:09:57 martin Exp $	*/
 
 /*
  * Copyright (C) 2012 by Darren Reed.
@@ -721,7 +721,7 @@ extern	int	ipf_nat_ioctl(ipf_main_softc_
    int, int, void *);
 extern	void	ipf_nat_log(ipf_main_softc_t *, ipf_nat_softc_t *,
  struct nat *, u_int);
-extern	nat_t	*ipf_nat_lookupredir(natlookup_t *);
+extern	nat_t	*ipf_nat_lookupredir(ipf_main_softc_t *, natlookup_t *);
 extern	nat_t	*ipf_nat_maplookup(void *, u_int, struct in_addr,
 struct in_addr);
 extern	nat_t	*ipf_nat_add(fr_info_t *, ipnat_t *, nat_t **,
@@ -780,7 +780,7 @@ extern	nat_t	*ipf_nat6_inlookup(fr_info_
 extern	u_32_t	ipf_nat6_ip6subtract(i6addr_t *, i6addr_t *);
 extern	frentry_t *ipf_nat6_ipfin(fr_info_t *, u_32_t *);
 extern	frentry_t *ipf_nat6_ipfout(fr_info_t *, u_32_t *);
-extern	nat_t	*ipf_nat6_lookupredir(natlookup_t *);
+extern	nat_t	*ipf_nat6_lookupredir(ipf_main_softc_t *, natlookup_t *);
 extern	int	ipf_nat6_newmap(fr_info_t *, nat_t *, natinfo_t *);
 extern	int	ipf_nat6_newrdr(fr_info_t *, nat_t *, natinfo_t *);
 extern	nat_t	*ipf_nat6_outlookup(fr_info_t *, u_int, u_int,

Index: src/sys/external/bsd/ipf/netinet/ip_nat6.c
diff -u src/sys/external/bsd/ipf/netinet/ip_nat6.c:1.7 src/sys/external/bsd/ipf/netinet/ip_nat6.c:1.7.4.1
--- src/sys/external/bsd/ipf/netinet/ip_nat6.c:1.7	Tue Apr  1 15:19:29 2014
+++ src/sys/external/bsd/ipf/netinet/ip_nat6.c	Sat Aug  8 10:09:57 2015
@@ -1,4 +1,4 @@
-/*	$NetBSD: ip_nat6.c,v 1.7 2014/04/01 15:19:29 christos Exp $	*/
+/*	$NetBSD: ip_nat6.c,v 1.7.4.1 2015/08/08 10:09:57 martin Exp $	*/
 
 /*
  * Copyright (C) 2012 by Darren Reed.
@@ -2414,12 +2414,13 @@ find_out_wild_ports:
 /* nl_out* = destination information (translated)   */
 /*  */
 nat_t *

CVS commit: [netbsd-7] src/sys/external/bsd/ipf/netinet

2015-08-08 Thread Martin Husemann
Module Name:src
Committed By:   martin
Date:   Sat Aug  8 10:09:57 UTC 2015

Modified Files:
src/sys/external/bsd/ipf/netinet [netbsd-7]: ip_nat.c ip_nat.h
ip_nat6.c

Log Message:
Pull up following revision(s) (requested by prlw1 in ticket #939):
sys/external/bsd/ipf/netinet/ip_nat.h: revision 1.7
sys/external/bsd/ipf/netinet/ip_nat.c: revision 1.14
sys/external/bsd/ipf/netinet/ip_nat6.c: revision 1.8
Avoid panic in SIOCGNATL dereferencing a NULL softc.
Solution suggestion from Martin Husemann.


To generate a diff of this commit:
cvs rdiff -u -r1.13 -r1.13.2.1 src/sys/external/bsd/ipf/netinet/ip_nat.c
cvs rdiff -u -r1.6 -r1.6.12.1 src/sys/external/bsd/ipf/netinet/ip_nat.h
cvs rdiff -u -r1.7 -r1.7.4.1 src/sys/external/bsd/ipf/netinet/ip_nat6.c

Please note that diffs are not public domain; they are subject to the
copyright notices on the relevant files.