CVS: cvs.openbsd.org: src

2024-05-24 Thread Alexandr Nedvedicky
CVSROOT:/cvs Module name:src Changes by: sas...@cvs.openbsd.org 2024/05/24 00:38:41 Modified files: sys/net: if_pfsync.c Log message: pfsync must let to progress state for destination peer The issue has been noticed by matthieu@ when he was chasing cause of

CVS: cvs.openbsd.org: www

2024-03-26 Thread Alexandr Nedvedicky
CVSROOT:/cvs Module name:www Changes by: sas...@cvs.openbsd.org 2024/03/26 02:51:51 Modified files: . : 75.html Log message: add few more notes in pf(4)/pfctl(8)

CVS: cvs.openbsd.org: src

2024-02-02 Thread Alexandr Nedvedicky
CVSROOT:/cvs Module name:src Changes by: sas...@cvs.openbsd.org 2024/02/02 01:23:29 Modified files: sbin/pfctl : pfctl.c Log message: The fix to pfctl_kill_src_nodes() comes from Olivier Croquin. bluhm@ pointed out pfctl_net_kill_states() suffers from the same

CVS: cvs.openbsd.org: src

2024-01-14 Thread Alexandr Nedvedicky
CVSROOT:/cvs Module name:src Changes by: sas...@cvs.openbsd.org 2024/01/15 00:23:32 Modified files: sbin/pfctl : pfctl.c pfctl_parser.h pfctl_table.c Log message: Currently 'pfctl -a "*" -sr' recursively walks anchor tree and shows rules found in every anchor. This

CVS: cvs.openbsd.org: src

2023-12-01 Thread Alexandr Nedvedicky
CVSROOT:/cvs Module name:src Changes by: sas...@cvs.openbsd.org 2023/12/01 03:28:32 Modified files: sys/net: pf.c Log message: Prevent race between pf_test() and pf_purge_expired_states(). Packets (callers to pf_test()) must alter pf_state::timeout under

CVS: cvs.openbsd.org: src

2023-09-07 Thread Alexandr Nedvedicky
CVSROOT:/cvs Module name:src Changes by: sas...@cvs.openbsd.org 2023/09/07 03:59:43 Modified files: sys/net: pf.c Log message: pf(4) ignores 'keep state' and 'nat-to' actions for unsolicited icmp error responses. Fix tightens rule matching logic so icmp error

CVS: cvs.openbsd.org: src

2023-08-13 Thread Alexandr Nedvedicky
CVSROOT:/cvs Module name:src Changes by: sas...@cvs.openbsd.org 2023/08/13 15:21:53 Modified files: regress/sys/net/pf_table: Makefile Log message: Ignore failure when deleting regress/ttest anchor in 'stamp-setup' target. Found by anton@.

CVS: cvs.openbsd.org: src

2023-08-10 Thread Alexandr Nedvedicky
CVSROOT:/cvs Module name:src Changes by: sas...@cvs.openbsd.org 2023/08/10 10:44:04 Modified files: sys/net: pf_table.c regress/sys/net/pf_table: Makefile Log message: Table persistent flag (PFR_TFLAG_PERSIST) won't get set by ioctl(2) operation if

CVS: cvs.openbsd.org: src

2023-08-10 Thread Alexandr Nedvedicky
CVSROOT:/cvs Module name:src Changes by: sas...@cvs.openbsd.org 2023/08/10 09:47:05 Modified files: lib/libpcap: savefile.c Log message: Allow libpcap to read files with some additional link-layer type values patch has been contributed by Guy Harris from

CVS: cvs.openbsd.org: src

2023-07-06 Thread Alexandr Nedvedicky
CVSROOT:/cvs Module name:src Changes by: sas...@cvs.openbsd.org 2023/07/06 13:55:58 Added files: regress/sys/net/pf_trans: Makefile dev-limit.c iocmd-limit.c Log message: adding regression tests: to verify limit on tickets program can retrieve by DIOCXGETRULES. Add tests

CVS: cvs.openbsd.org: src

2023-07-06 Thread Alexandr Nedvedicky
CVSROOT:/cvs Module name:src Changes by: sas...@cvs.openbsd.org 2023/07/06 13:52:20 src/regress/sys/net/pf_trans Update of /cvs/src/regress/sys/net/pf_trans In directory cvs.openbsd.org:/tmp/cvs-serv24335/pf_trans Log Message: Directory /cvs/src/regress/sys/net/pf_trans added

CVS: cvs.openbsd.org: src

2023-07-05 Thread Alexandr Nedvedicky
CVSROOT:/cvs Module name:src Changes by: sas...@cvs.openbsd.org 2023/07/05 06:00:01 Modified files: share/man/man4 : pf.4 Log message: Document DIOCXEND in pf(4) manpage. With many improvements from jmc@ and kn@ OK jmc@, kn@ deraadt@

CVS: cvs.openbsd.org: src

2023-07-04 Thread Alexandr Nedvedicky
CVSROOT:/cvs Module name:src Changes by: sas...@cvs.openbsd.org 2023/07/04 08:23:38 Modified files: sys/net: pf_ioctl.c Log message: This diff limits the number of transactions/tickets pf_open_trans() can issue for each clone of /dev/pf to 512. The

CVS: cvs.openbsd.org: src

2023-07-04 Thread Alexandr Nedvedicky
CVSROOT:/cvs Module name:src Changes by: sas...@cvs.openbsd.org 2023/07/04 05:34:20 Modified files: libexec/snmpd/snmpd_metrics: mib.c sys/net: pf_ioctl.c pfvar.h usr.bin/systat : pftop.c Log message: The recent change to DIOCGETRULE allows

CVS: cvs.openbsd.org: src

2023-06-30 Thread Alexandr Nedvedicky
CVSROOT:/cvs Module name:src Changes by: sas...@cvs.openbsd.org 2023/06/30 06:16:00 Modified files: usr.sbin/relayd: pfe_filter.c Log message: let check_table() also print table@anchor when it exits unexpectedly via call to fatal() OK claudio@

CVS: cvs.openbsd.org: src

2023-06-28 Thread Alexandr Nedvedicky
CVSROOT:/cvs Module name:src Changes by: sas...@cvs.openbsd.org 2023/06/28 15:33:35 Modified files: sys/net: pf_ioctl.c Log message: pfioctl() must make sure pfioctl_rw() gets unlocked before function returns. OK bluhm@

CVS: cvs.openbsd.org: src

2023-06-05 Thread Alexandr Nedvedicky
CVSROOT:/cvs Module name:src Changes by: sas...@cvs.openbsd.org 2023/06/05 02:45:20 Modified files: sys/net: if_pfsync.c Log message: pfsync_update_state() is too paranoid about pf_state::pfsync_state. For example it should not be surprised if caller asks to

CVS: cvs.openbsd.org: src

2023-06-05 Thread Alexandr Nedvedicky
CVSROOT:/cvs Module name:src Changes by: sas...@cvs.openbsd.org 2023/06/05 02:37:27 Modified files: sys/net: pf.c Log message: pf_remove_state() should not attempt to remove state which is already removed. OK dlg@

CVS: cvs.openbsd.org: src

2023-05-18 Thread Alexandr Nedvedicky
CVSROOT:/cvs Module name:src Changes by: sas...@cvs.openbsd.org 2023/05/18 06:10:04 Modified files: sys/net: if_pfsync.c Log message: sc_st_mtx is not sufficient protection to move state around pfsync(4) queues. We also need to grab pf_state::mtx to put/remove

CVS: cvs.openbsd.org: src

2023-05-10 Thread Alexandr Nedvedicky
CVSROOT:/cvs Module name:src Changes by: sas...@cvs.openbsd.org 2023/05/10 16:42:51 Modified files: sys/net: pf_lb.c pfvar_priv.h Log message: nat-to may fail to insert state due to conflict on chosen source port number. This is typically indicated by 'wire key

CVS: cvs.openbsd.org: src

2023-04-28 Thread Alexandr Nedvedicky
CVSROOT:/cvs Module name:src Changes by: sas...@cvs.openbsd.org 2023/04/28 09:50:05 Modified files: sys/net: if_pfsync.c Log message: remove superfluous/invalid KASSERT() in pfsync_q_del(). pointed and OK bluhm@

CVS: cvs.openbsd.org: src

2023-04-28 Thread Alexandr Nedvedicky
CVSROOT:/cvs Module name:src Changes by: sas...@cvs.openbsd.org 2023/04/28 08:08:38 Modified files: sbin/pfctl : pfctl.c sys/net: pf_ioctl.c pf_ruleset.c pfvar.h pfvar_priv.h Log message: This change speeds up DIOCGETRULE ioctl(2) which pfctl(8)

CVS: cvs.openbsd.org: src

2023-03-04 Thread Alexandr Nedvedicky
CVSROOT:/cvs Module name:src Changes by: sas...@cvs.openbsd.org 2023/03/04 03:55:37 Modified files: sys/net: pf.c Log message: pf(4) should be enforcing TTL=1 to packets sent to 224.0.0.1 only. Issue found and kindly reported by Luca Di Gregorio OK bluhm@

CVS: cvs.openbsd.org: src

2023-02-15 Thread Alexandr Nedvedicky
CVSROOT:/cvs Module name:src Changes by: sas...@cvs.openbsd.org 2023/02/15 11:11:47 Modified files: sys/net: if_pfsync.c Log message: pfsync(4) panics on NULL pointer dereference if there are no data ready for bulk transfer. reported and fix kindly tested by

CVS: cvs.openbsd.org: src

2023-02-07 Thread Alexandr Nedvedicky
CVSROOT:/cvs Module name:src Changes by: sas...@cvs.openbsd.org 2023/02/07 10:58:43 Modified files: sbin/pfctl : parse.y sys/net: pfvar.h Log message: internal representation of icmp type/code in pfctl(8)/pf(4) does not fit into u_int8_t. Issue has

CVS: cvs.openbsd.org: src

2023-01-11 Thread Alexandr Nedvedicky
CVSROOT:/cvs Module name:src Changes by: sas...@cvs.openbsd.org 2023/01/11 01:11:07 Modified files: regress/sys/net/pf_policy: Makefile Log message: make REGRESS_CLEANUP consistent with REGRESS_CLEANUP found in pf_state/Makefile. discussed with anton@ OK anton@

CVS: cvs.openbsd.org: src

2023-01-09 Thread Alexandr Nedvedicky
CVSROOT:/cvs Module name:src Changes by: sas...@cvs.openbsd.org 2023/01/09 03:21:40 Modified files: regress/sys/net: Makefile Added files: regress/sys/net/pf_policy: Makefile absolute.conf list.conf loop-relative.conf loop.conf

CVS: cvs.openbsd.org: src

2023-01-09 Thread Alexandr Nedvedicky
CVSROOT:/cvs Module name:src Changes by: sas...@cvs.openbsd.org 2023/01/09 03:17:11 src/regress/sys/net/pf_policy Update of /cvs/src/regress/sys/net/pf_policy In directory cvs.openbsd.org:/tmp/cvs-serv1108/pf_policy Log Message: Directory /cvs/src/regress/sys/net/pf_policy

CVS: cvs.openbsd.org: src

2023-01-06 Thread Alexandr Nedvedicky
CVSROOT:/cvs Module name:src Changes by: sas...@cvs.openbsd.org 2023/01/06 10:44:34 Modified files: sbin/pfctl : pfctl.c sys/net: pf.c pf_ioctl.c pfvar.h pfvar_priv.h Log message: PF_ANCHOR_STACK_MAX is insufficient protection against stack

CVS: cvs.openbsd.org: src

2023-01-05 Thread Alexandr Nedvedicky
CVSROOT:/cvs Module name:src Changes by: sas...@cvs.openbsd.org 2023/01/05 03:06:58 Modified files: sys/net: pf_table.c Log message: pfctl fails to add addresses to undefined/inactive table pfr_add_tables() function must set PFR_TFLAG_ACTIVE flag to table which

CVS: cvs.openbsd.org: src

2022-11-22 Thread Alexandr Nedvedicky
CVSROOT:/cvs Module name:src Changes by: sas...@cvs.openbsd.org 2022/11/22 15:28:41 Modified files: sys/net: pf_if.c Log message: Interface tables (a.k.a. kif) in pf(4) are currently protected by NET_LOCK() only. This change makes them protected by PF_LOCK().

CVS: cvs.openbsd.org: src

2022-11-20 Thread Alexandr Nedvedicky
CVSROOT:/cvs Module name:src Changes by: sas...@cvs.openbsd.org 2022/11/21 00:27:11 Modified files: sbin/pfctl : pfctl_table.c sys/net: pf_if.c Log message: Fix DIOCIGETIFACES ioctl so all network interfaces and interface groups are reported. The

CVS: cvs.openbsd.org: src

2022-11-11 Thread Alexandr Nedvedicky
CVSROOT:/cvs Module name:src Changes by: sas...@cvs.openbsd.org 2022/11/11 04:22:48 Modified files: sys/net: if_pfsync.c Log message: Turn KASSERT() into if() to prevent state being inserted to pfsync snapshot multiple times. OK dlg@

CVS: cvs.openbsd.org: src

2022-11-10 Thread Alexandr Nedvedicky
CVSROOT:/cvs Module name:src Changes by: sas...@cvs.openbsd.org 2022/11/10 09:29:20 Modified files: sys/net: pf.c pfvar.h Log message: revert pf_state mtx commit, because it breaks tree. pfctl does not build OK dlg@

CVS: cvs.openbsd.org: src

2022-11-10 Thread Alexandr Nedvedicky
CVSROOT:/cvs Module name:src Changes by: sas...@cvs.openbsd.org 2022/11/10 07:22:43 Modified files: sys/net: pf.c pfvar.h Log message: Add a mutex to pf_state structure. Mutex retain a consistency of structure members without using a global state lock. The first

CVS: cvs.openbsd.org: src

2022-11-09 Thread Alexandr Nedvedicky
CVSROOT:/cvs Module name:src Changes by: sas...@cvs.openbsd.org 2022/11/09 16:00:01 Modified files: sbin/pfctl : pfctl_parser.c share/man/man5 : pf.conf.5 sys/net: pf.c pf_ioctl.c pfvar.h Log message: simplify expiration of 'once' rules.

CVS: cvs.openbsd.org: src

2022-11-08 Thread Alexandr Nedvedicky
CVSROOT:/cvs Module name:src Changes by: sas...@cvs.openbsd.org 2022/11/08 09:20:26 Modified files: sys/net: pf.c Log message: This diff fixes panic tripped by KASSERT(st->sync_state == PFSYNC_S_NONE) found in pfsync_insert_state(). It is caused by two packets

CVS: cvs.openbsd.org: src

2022-08-03 Thread Alexandr Nedvedicky
CVSROOT:/cvs Module name:src Changes by: sas...@cvs.openbsd.org 2022/08/03 02:16:04 Modified files: sys/net: pf_lb.c Log message: Bug was reported by Chriss Cappucio. It has turned out my earlier change to pf_lb.c was not complete. We must add a test to

CVS: cvs.openbsd.org: src

2022-06-16 Thread Alexandr Nedvedicky
CVSROOT:/cvs Module name:src Changes by: sas...@cvs.openbsd.org 2022/06/16 14:47:26 Modified files: sys/net: pf_table.c Log message: pfctl reports existing table as being added. glitch has been spotted and reported by jmc@ OK kn@

CVS: cvs.openbsd.org: src

2022-06-07 Thread Alexandr Nedvedicky
CVSROOT:/cvs Module name:src Changes by: sas...@cvs.openbsd.org 2022/06/07 16:18:34 Modified files: sys/net: if.c Log message: fixes potential memory leak. if_vinput() should always consume packet by either passing it further or releasing it. OK mvs@

CVS: cvs.openbsd.org: src

2022-06-07 Thread Alexandr Nedvedicky
CVSROOT:/cvs Module name:src Changes by: sas...@cvs.openbsd.org 2022/06/07 16:14:15 Modified files: sys/net: pf_table.c Log message: fixes NULL pointer dereference panic triggered by relayd. same panic can be triggered when address table is part of anchor loaded

CVS: cvs.openbsd.org: src

2022-06-01 Thread Alexandr Nedvedicky
CVSROOT:/cvs Module name:src Changes by: sas...@cvs.openbsd.org 2022/06/01 11:34:13 Modified files: sys/net: if_veb.c Log message: callers to pf(4) must continue to run with packet as returned by firewall. OK dlg@

CVS: cvs.openbsd.org: src

2022-05-10 Thread Alexandr Nedvedicky
CVSROOT:/cvs Module name:src Changes by: sas...@cvs.openbsd.org 2022/05/10 17:12:26 Modified files: sys/net: pf_ioctl.c pf_table.c Log message: move memory allocations in pfr_add_tables() out of NET_LOCK()/PF_LOCK() scope. bluhm@ helped a lot to put this diff

CVS: cvs.openbsd.org: src

2022-05-09 Thread Alexandr Nedvedicky
CVSROOT:/cvs Module name:src Changes by: sas...@cvs.openbsd.org 2022/05/09 14:29:24 Modified files: share/man/man5 : pf.conf.5 Log message: pf.conf(5) should mention impact of sloppy state handling on ICMP OK @bluhm

CVS: cvs.openbsd.org: src

2022-05-03 Thread Alexandr Nedvedicky
CVSROOT:/cvs Module name:src Changes by: sas...@cvs.openbsd.org 2022/05/03 07:32:47 Modified files: sys/net: pf.c Log message: Make pf(4) more paranoid about IGMP/MLP messages. MLD/IGMP messages with ttl other than 1 will be discarded. Also MLD messages with

CVS: cvs.openbsd.org: src

2022-04-21 Thread Alexandr Nedvedicky
CVSROOT:/cvs Module name:src Changes by: sas...@cvs.openbsd.org 2022/04/21 09:22:50 Modified files: sys/net: if_pfsync.c pfvar.h sys/netinet: ip_ipsp.h Log message: Introduce a dedicated link entries for snapshots in pfsync(4). The purpose of

CVS: cvs.openbsd.org: src

2022-04-04 Thread Alexandr Nedvedicky
CVSROOT:/cvs Module name:src Changes by: sas...@cvs.openbsd.org 2022/04/04 06:57:36 Modified files: sys/net: pf_ioctl.c Log message: pf_validate_range() must not assume rdr ports are in network order. bug found and reported by Kurt (kmos@). OK bluhm@

CVS: cvs.openbsd.org: src

2022-03-23 Thread Alexandr Nedvedicky
CVSROOT:/cvs Module name:src Changes by: sas...@cvs.openbsd.org 2022/03/23 03:01:59 Modified files: sys/net: pf_ioctl.c Log message: resurrect pf_consistency_lock as pfioctl_rw this time. pfioctl_rw serializes access to pf(4) from concurrent processes which

CVS: cvs.openbsd.org: src

2022-03-08 Thread Alexandr Nedvedicky
CVSROOT:/cvs Module name:src Changes by: sas...@cvs.openbsd.org 2022/03/08 13:46:02 Modified files: sys/net: if_pfsync.c Log message: merge iack_mtx, upd_c_mtx, del_mtx, ins_mtx and upd_mtx mutexes into single mutex st_mtx. This simplifies pf(4) state handling

CVS: cvs.openbsd.org: src

2022-02-16 Thread Alexandr Nedvedicky
CVSROOT:/cvs Module name:src Changes by: sas...@cvs.openbsd.org 2022/02/16 01:46:11 Modified files: sys/net: pf_lb.c Log message: nat-to round-robin without a pool should fallback to POOL_NONE bug reported by giovanni@ OK giovanni@

CVS: cvs.openbsd.org: src

2022-02-09 Thread Alexandr Nedvedicky
CVSROOT:/cvs Module name:src Changes by: sas...@cvs.openbsd.org 2022/02/09 04:42:59 Modified files: sys/net: pf_ioctl.c Log message: let pfattach() to also initialize pf_default_rule_new to avoid div-by-zero in pf_purge() Reported-by:

CVS: cvs.openbsd.org: src

2022-01-11 Thread Alexandr Nedvedicky
CVSROOT:/cvs Module name:src Changes by: sas...@cvs.openbsd.org 2022/01/11 02:00:17 Modified files: sys/net: pf_ioctl.c Log message: move allocations in DIOCSADDRULE and DIOCHANGERULE outside of locks. this diff lets pf_rule_copyin() to be called outside of

CVS: cvs.openbsd.org: src

2021-12-26 Thread Alexandr Nedvedicky
CVSROOT:/cvs Module name:src Changes by: sas...@cvs.openbsd.org 2021/12/26 07:04:29 Modified files: sys/net: pf_ioctl.c Log message: DIOCHANGERRULE ioctl must set pointer to ruleset in rule it inserts. Reported-by:

CVS: cvs.openbsd.org: src

2021-12-25 Thread Alexandr Nedvedicky
CVSROOT:/cvs Module name:src Changes by: sas...@cvs.openbsd.org 2021/12/25 18:00:32 Modified files: share/man/man5 : pf.conf.5 sys/net: if.c pf_if.c pf_ioctl.c pfvar.h Log message: make 'set skip on ...' in pf.conf dynamic This is an old issue in

CVS: cvs.openbsd.org: src

2021-12-15 Thread Alexandr Nedvedicky
CVSROOT:/cvs Module name:src Changes by: sas...@cvs.openbsd.org 2021/12/15 19:01:59 Modified files: sys/net: pf_lb.c Log message: fix zero division found by syzkaller. The sanity checks in pf(4) ioctls are not powerful enough to detect invalid port ranges (or

CVS: cvs.openbsd.org: src

2021-12-05 Thread Alexandr Nedvedicky
CVSROOT:/cvs Module name:src Changes by: sas...@cvs.openbsd.org 2021/12/06 00:41:33 Modified files: sys/net: pf_if.c Log message: fix odd check in pfi_kif_free() pointed out by jsg@ OK jsg@

CVS: cvs.openbsd.org: src

2021-11-16 Thread Alexandr Nedvedicky
CVSROOT:/cvs Module name:src Changes by: sas...@cvs.openbsd.org 2021/11/16 13:51:31 Modified files: sys/net: pf_ioctl.c pfvar.h pf_table.c Log message: move memory allocations in pfr_add_addrs() outside of NET_LOCK()/PF_LOCK() scope. feedback by bluhm@ OK

CVS: cvs.openbsd.org: src

2021-11-11 Thread Alexandr Nedvedicky
CVSROOT:/cvs Module name:src Changes by: sas...@cvs.openbsd.org 2021/11/11 05:49:53 Modified files: sbin/pfctl : pfctl.c regress/sbin/pfctl: Makefile Added files: regress/sbin/pfctl: changerule.c changerule-after.ok

CVS: cvs.openbsd.org: src

2021-11-11 Thread Alexandr Nedvedicky
CVSROOT:/cvs Module name:src Changes by: sas...@cvs.openbsd.org 2021/11/11 05:35:01 Modified files: sys/net: if_pfsync.c pf_if.c pf_ioctl.c pf_table.c pfvar.h Log message: Allow pfi_kif_get() callers to pre-allocate buffer for new kif.

CVS: cvs.openbsd.org: src

2021-10-25 Thread Alexandr Nedvedicky
CVSROOT:/cvs Module name:src Changes by: sas...@cvs.openbsd.org 2021/10/25 08:56:47 Modified files: regress/sbin/pfctl: Makefile Added files: regress/sbin/pfctl: pf114.in pf114.loaded pf114.ok pf114.optimized Log message: - add

CVS: cvs.openbsd.org: src

2021-10-25 Thread Alexandr Nedvedicky
CVSROOT:/cvs Module name:src Changes by: sas...@cvs.openbsd.org 2021/10/25 08:50:29 Modified files: sbin/pfctl : parse.y pfctl.c pfctl_parser.h Log message: - pfctl $nr incorrect macro expansion Issue reported by Kristof Provost from FreeBSD. [

CVS: cvs.openbsd.org: src

2021-10-24 Thread Alexandr Nedvedicky
CVSROOT:/cvs Module name:src Changes by: sas...@cvs.openbsd.org 2021/10/24 04:58:43 Modified files: sys/net: pf_table.c Log message: let pf_table.c to use standard way to work with lists OK todd@, mvs@, kn@

CVS: cvs.openbsd.org: src

2021-10-23 Thread Alexandr Nedvedicky
CVSROOT:/cvs Module name:src Changes by: sas...@cvs.openbsd.org 2021/10/23 03:36:58 Modified files: sys/net: pf_table.c Log message: YIELD() in pf_table.c should preempt for ioctl() callers only OK @mpi

CVS: cvs.openbsd.org: src

2021-07-07 Thread Alexandr Nedvedicky
CVSROOT:/cvs Module name:src Changes by: sas...@cvs.openbsd.org 2021/07/07 14:19:01 Modified files: sys/net: if_bridge.c if_ethersubr.c if_switch.c if_tpmr.c if_veb.c sys/netinet: if_ether.h Log message: tell ether_input()

CVS: cvs.openbsd.org: src

2021-07-07 Thread Alexandr Nedvedicky
CVSROOT:/cvs Module name:src Changes by: sas...@cvs.openbsd.org 2021/07/07 12:38:25 Modified files: sys/net: if_pfsync.c if_pfsync.h pf.c Log message: pfsync_undefer() must be called outside of PF_LOCK OK @bluhm

CVS: cvs.openbsd.org: src

2021-06-02 Thread Alexandr Nedvedicky
CVSROOT:/cvs Module name:src Changes by: sas...@cvs.openbsd.org 2021/06/02 15:49:32 Modified files: sys/net: if_pfsync.c Log message: With parallel execution of pf_test() two packets may try to update the same state in pfsync(4) queue. pfsync_q_ins() takes that

CVS: cvs.openbsd.org: src

2021-05-17 Thread Alexandr Nedvedicky
CVSROOT:/cvs Module name:src Changes by: sas...@cvs.openbsd.org 2021/05/17 17:01:26 Modified files: sys/net: pf.c Log message: fix state key reference underflow, when sk == skrev the bug has been reported by Sebastien and Olivier Cherrier. it has turned out the

CVS: cvs.openbsd.org: src

2021-04-28 Thread Alexandr Nedvedicky
CVSROOT:/cvs Module name:src Changes by: sas...@cvs.openbsd.org 2021/04/28 03:42:04 Modified files: sys/sys: systm.h Log message: time to add NET_ASSERT_WLOCKED() with moving towards NET_RLOCK...() we need NET_ASSERT_WLOCKED() to check caller owns netlock

CVS: cvs.openbsd.org: src

2021-04-27 Thread Alexandr Nedvedicky
CVSROOT:/cvs Module name:src Changes by: sas...@cvs.openbsd.org 2021/04/27 03:38:29 Modified files: sys/net: pf.c Log message: pf_state_key_link_reverse() is prone to race on parallel forwarding we need to adjust assertions. at time we call

CVS: cvs.openbsd.org: src

2021-03-30 Thread Alexandr Nedvedicky
CVSROOT:/cvs Module name:src Changes by: sas...@cvs.openbsd.org 2021/03/30 02:37:11 Modified files: sys/netinet: ip_icmp.c ip_input.c ip_output.c ip_var.h Log message: [ICMP] IP options lead to malformed reply icmp_send() must update IP header length if IP options

CVS: cvs.openbsd.org: src

2021-02-03 Thread Alexandr Nedvedicky
CVSROOT:/cvs Module name:src Changes by: sas...@cvs.openbsd.org 2021/02/03 17:55:41 Modified files: sys/arch/amd64/conf: GENERIC.MP sys/net: if_pfsync.c if_pfsync.h Log message: make if_pfsync.c a better friend with PF_LOCK The code delivered in this

CVS: cvs.openbsd.org: src

2021-01-04 Thread Alexandr Nedvedicky
CVSROOT:/cvs Module name:src Changes by: sas...@cvs.openbsd.org 2021/01/04 08:02:34 Modified files: sys/netinet: ip_carp.c Log message: - fix use after free, when packet gets dropped. patch submitted by Ralf Horstmann from ackstorm.de OK dlg@

CVS: cvs.openbsd.org: src

2020-12-15 Thread Alexandr Nedvedicky
CVSROOT:/cvs Module name:src Changes by: sas...@cvs.openbsd.org 2020/12/15 08:23:48 Modified files: sys/net: pf_osfp.c Log message: missing NET_LOCK()/NET_UNLOCK() in pf_osfp_flush() OK mpi@

CVS: cvs.openbsd.org: src

2020-12-07 Thread Alexandr Nedvedicky
CVSROOT:/cvs Module name:src Changes by: sas...@cvs.openbsd.org 2020/12/07 01:29:41 Modified files: sbin/pfctl : parse.y sys/net: pf.c share/man/man5 : pf.conf.5 Log message: synproxy should be processing incoming SYN packets only. issue

CVS: cvs.openbsd.org: src

2020-10-22 Thread Alexandr Nedvedicky
CVSROOT:/cvs Module name:src Changes by: sas...@cvs.openbsd.org 2020/10/22 06:25:20 Modified files: sys/net: pf_ioctl.c Log message: - missing NET_UNLOCK() in pf_ioctl.c error path Reported-by: syzbot+b9af9c29ed1a6dabd...@syzkaller.appspotmail.com OK anton@

CVS: cvs.openbsd.org: src

2020-10-21 Thread Alexandr Nedvedicky
CVSROOT:/cvs Module name:src Changes by: sas...@cvs.openbsd.org 2020/10/21 09:35:25 Modified files: sys/net: pf_osfp.c Log message: - fixing fatal typos fp vs fp_prealloc. OK mpi

CVS: cvs.openbsd.org: src

2020-10-21 Thread Alexandr Nedvedicky
CVSROOT:/cvs Module name:src Changes by: sas...@cvs.openbsd.org 2020/10/21 02:08:05 Modified files: sys/net: pf_ioctl.c pf_osfp.c Log message: - move NET_LOCK() further down in pf_ioctl.c. Also move memory allocations outside of NET_LOCK()/PF_LOCK() scope in

CVS: cvs.openbsd.org: src

2020-06-28 Thread Alexandr Nedvedicky
CVSROOT:/cvs Module name:src Changes by: sas...@cvs.openbsd.org 2020/06/28 00:40:14 Modified files: sys/net: if_pfsync.c Log message: state import should accept AF_INET/AF_INET6 only Reported-by: syzbot+6fef0091252d57113...@syzkaller.appspotmail.com ok kn@

CVS: cvs.openbsd.org: src

2020-04-19 Thread Alexandr Nedvedicky
CVSROOT:/cvs Module name:src Changes by: sas...@cvs.openbsd.org 2020/04/19 16:31:06 Modified files: sys/net: pf_ioctl.c Log message: fix insufficient input sanitization in pf_rulecopyin() and pf_pool_copyin() Reported-by:

CVS: cvs.openbsd.org: src

2020-03-11 Thread Alexandr Nedvedicky
CVSROOT:/cvs Module name:src Changes by: sas...@cvs.openbsd.org 2020/03/11 16:21:28 Modified files: sys/kern : uipc_socket.c Log message: Fix unlimited recursion caused by local outbound bcast/mcast packet sent via spliced socket. Reported-by:

CVS: cvs.openbsd.org: src

2020-01-17 Thread Alexandr Nedvedicky
CVSROOT:/cvs Module name:src Changes by: sas...@cvs.openbsd.org 2020/01/17 02:07:36 Modified files: share/man/man5 : pf.conf.5 Log message: - pf.conf(5) should clearly state range match operator ':' does not work for uid/gid. OK @kn, OK @sthen

CVS: cvs.openbsd.org: src

2020-01-15 Thread Alexandr Nedvedicky
CVSROOT:/cvs Module name:src Changes by: sas...@cvs.openbsd.org 2020/01/15 06:42:38 Modified files: sbin/pfctl : pfctl.8 Log message: Recent change to pfctl(8) prompts for a minor update of manpage. OK kn@

CVS: cvs.openbsd.org: src

2020-01-15 Thread Alexandr Nedvedicky
CVSROOT:/cvs Module name:src Changes by: sas...@cvs.openbsd.org 2020/01/15 04:52:50 Modified files: sbin/pfctl : pfctl.c pfctl.h pfctl_osfp.c pfctl_parser.h pfctl_table.c Log message: Enable pfctl(8) to recursively flush rules and tables

CVS: cvs.openbsd.org: src

2019-12-23 Thread Alexandr Nedvedicky
CVSROOT:/cvs Module name:src Changes by: sas...@cvs.openbsd.org 2019/12/23 16:02:53 Modified files: sys/netinet6 : ip6_input.c Log message: fix broken tree. sorry for inconveniences.

CVS: cvs.openbsd.org: src

2019-12-23 Thread Alexandr Nedvedicky
CVSROOT:/cvs Module name:src Changes by: sas...@cvs.openbsd.org 2019/12/23 15:33:57 Modified files: sys/netinet: ip_input.c sys/netinet6 : ip6_input.c Log message: rdr-to with loopback destination should work even though IP forwarding is disabled. Issue

CVS: cvs.openbsd.org: src

2019-12-08 Thread Alexandr Nedvedicky
CVSROOT:/cvs Module name:src Changes by: sas...@cvs.openbsd.org 2019/12/08 04:08:22 Modified files: lib/libc/sys : sysctl.2 sys/netinet: ip_carp.h ip_input.c ip_var.h sys/netinet6 : ip6_input.c ip6_var.h usr.bin/netstat: inet.c inet6.c

CVS: cvs.openbsd.org: src

2019-11-26 Thread Alexandr Nedvedicky
CVSROOT:/cvs Module name:src Changes by: sas...@cvs.openbsd.org 2019/11/26 11:50:29 Modified files: sys/net: pf_ioctl.c Log message: fix kernel crash in pf_ioctl with WITH_PF_LOCK and NET_TASKQ > 1 the problem was introduced with a "mechanical" patch, which

CVS: cvs.openbsd.org: src

2019-10-21 Thread Alexandr Nedvedicky
CVSROOT:/cvs Module name:src Changes by: sas...@cvs.openbsd.org 2019/10/21 17:02:05 Modified files: sys/net: bpf.c bpfdesc.h Log message: put bpfdesc reference counting back, revert change introduced in 1.175 as: BPF: remove redundant reference counting of

CVS: cvs.openbsd.org: src

2019-08-29 Thread Alexandr Nedvedicky
CVSROOT:/cvs Module name:src Changes by: sas...@cvs.openbsd.org 2019/08/29 00:13:46 Modified files: sys/net: pf.c Log message: pf_state_insert() must grab state lock exclusively ok bluhm@

CVS: cvs.openbsd.org: src

2019-08-26 Thread Alexandr Nedvedicky
CVSROOT:/cvs Module name:src Changes by: sas...@cvs.openbsd.org 2019/08/26 03:19:12 Modified files: sys/net: pf.c Log message: pf.conf "set timeout interval 1" causes kernel crash (bug reported and fix tested by Kor) ok kn@

CVS: cvs.openbsd.org: src

2019-08-15 Thread Alexandr Nedvedicky
CVSROOT:/cvs Module name:src Changes by: sas...@cvs.openbsd.org 2019/08/15 12:44:53 Modified files: sbin/pfctl : pfctl.c Log message: pfctl_reset() must set syncookies settings back to default (bug found and fix tested by Jesper Wallin) OK deraadt OK kn

CVS: cvs.openbsd.org: src

2019-07-18 Thread Alexandr Nedvedicky
CVSROOT:/cvs Module name:src Changes by: sas...@cvs.openbsd.org 2019/07/18 14:45:10 Modified files: sys/net: pf.c Log message: follow up to 'once rule' expiration ok lteo@

CVS: cvs.openbsd.org: src

2019-07-11 Thread Alexandr Nedvedicky
CVSROOT:/cvs Module name:src Changes by: sas...@cvs.openbsd.org 2019/07/11 03:39:53 Modified files: sys/net: pf.c Log message: fix NULL pointer dereference, reported and fix tested by sthen ok yasuoka

CVS: cvs.openbsd.org: src

2019-06-04 Thread Alexandr Nedvedicky
CVSROOT:/cvs Module name:src Changes by: sas...@cvs.openbsd.org 2019/06/04 17:06:34 Modified files: sys/net: if.c Log message: if_netisr(): trade NET_LOCK() for NET_RLOCK() OK mpi@

CVS: cvs.openbsd.org: src

2019-06-04 Thread Alexandr Nedvedicky
CVSROOT:/cvs Module name:src Changes by: sas...@cvs.openbsd.org 2019/06/04 17:00:44 Modified files: sys/net: if_pfsync.c Log message: pfsync_sendout() requires PF_LOCK() OK mpi@

CVS: cvs.openbsd.org: src

2019-05-18 Thread Alexandr Nedvedicky
CVSROOT:/cvs Module name:src Changes by: sas...@cvs.openbsd.org 2019/05/18 06:59:32 Modified files: sys/net: bpf.c bpfdesc.h Log message: BPF: remove redundant reference counting of filedescriptors OK visa@, OK mpi@

CVS: cvs.openbsd.org: src

2019-05-12 Thread Alexandr Nedvedicky
CVSROOT:/cvs Module name:src Changes by: sas...@cvs.openbsd.org 2019/05/12 10:38:02 Modified files: sys/net: if.c if_bridge.c if_tun.c switchctl.c Log message: pushing NET_LOCK() further down from if_clone_{create,destroy}() OK mpi@

CVS: cvs.openbsd.org: src

2019-05-11 Thread Alexandr Nedvedicky
CVSROOT:/cvs Module name:src Changes by: sas...@cvs.openbsd.org 2019/05/11 11:45:59 Modified files: sys/kern : kern_rwlock.c Log message: make rw-lock adaptive OK visa@, OK mpi@

CVS: cvs.openbsd.org: src

2019-05-08 Thread Alexandr Nedvedicky
CVSROOT:/cvs Module name:src Changes by: sas...@cvs.openbsd.org 2019/05/08 15:31:30 Modified files: sbin/pfctl : parse.y Log message: pfctl should check pfctl.astack is not overrun (bug found and fixed by Petr Hoffmann _at_ oracle.com) OK kn@

CVS: cvs.openbsd.org: src

2019-05-08 Thread Alexandr Nedvedicky
CVSROOT:/cvs Module name:src Changes by: sas...@cvs.openbsd.org 2019/05/08 15:09:57 Modified files: sbin/pfctl : pfctl.8 share/man/man5 : pf.conf.5 Log message: update to PF pfctl(8) and pf.conf(5) manpages great input by Ingo, Jason and Klemens OK
