CVS commit: [netbsd-8] src/sys/external/bsd/ipf/netinet
Module Name:src
Committed By: martin
Date: Wed Dec 26 13:18:53 UTC 2018
Modified Files:
src/sys/external/bsd/ipf/netinet [netbsd-8]: fil.c
Log Message:
Pull up the following, requested by sevan in ticket #1144:
sys/external/bsd/ipf/netinet/fil.c 1.22
accidently commited to HEAD by mrg with a very misleading log message and
a bunch of unrelated changes - but really:
fix missing braces around a block (detected by newer gcc's indentation
checks).
To generate a diff of this commit:
cvs rdiff -u -r1.20.4.1 -r1.20.4.2 src/sys/external/bsd/ipf/netinet/fil.c
Please note that diffs are not public domain; they are subject to the
copyright notices on the relevant files.
Modified files:
Index: src/sys/external/bsd/ipf/netinet/fil.c
diff -u src/sys/external/bsd/ipf/netinet/fil.c:1.20.4.1 src/sys/external/bsd/ipf/netinet/fil.c:1.20.4.2
--- src/sys/external/bsd/ipf/netinet/fil.c:1.20.4.1 Sat Sep 23 17:28:41 2017
+++ src/sys/external/bsd/ipf/netinet/fil.c Wed Dec 26 13:18:53 2018
@@ -1,4 +1,4 @@
-/* $NetBSD: fil.c,v 1.20.4.1 2017/09/23 17:28:41 snj Exp $ */
+/* $NetBSD: fil.c,v 1.20.4.2 2018/12/26 13:18:53 martin Exp $ */
/*
* Copyright (C) 2012 by Darren Reed.
@@ -138,7 +138,7 @@ extern struct timeout ipf_slowtimer_ch;
#if !defined(lint)
#if defined(__NetBSD__)
#include
-__KERNEL_RCSID(0, "$NetBSD: fil.c,v 1.20.4.1 2017/09/23 17:28:41 snj Exp $");
+__KERNEL_RCSID(0, "$NetBSD: fil.c,v 1.20.4.2 2018/12/26 13:18:53 martin Exp $");
#else
static const char sccsid[] = "@(#)fil.c 1.36 6/5/96 (C) 1993-2000 Darren Reed";
static const char rcsid[] = "@(#)Id: fil.c,v 1.1.1.2 2012/07/22 13:45:07 darrenr Exp $";
@@ -4893,13 +4893,14 @@ frrequest(ipf_main_softc_t *softc, int u
error = ipf_outobj(softc, data, fp, IPFOBJ_FRENTRY);
if (error == 0) {
-if ((f->fr_dsize != 0) && (uptr != NULL))
+if ((f->fr_dsize != 0) && (uptr != NULL)) {
error = COPYOUT(f->fr_data, uptr,
f->fr_dsize);
if (error != 0) {
IPFERROR(28);
error = EFAULT;
}
+}
if (error == 0) {
f->fr_hits = 0;
f->fr_bytes = 0;
CVS commit: [netbsd-8] src/sys/external/bsd/ipf/netinet
Module Name:src
Committed By: snj
Date: Fri Nov 17 20:20:23 UTC 2017
Modified Files:
src/sys/external/bsd/ipf/netinet [netbsd-8]: ip_state.c
Log Message:
Pull up following revision(s) (requested by sborrill in ticket #352):
sys/external/bsd/ipf/netinet/ip_state.c: 1.9-1.10
When growing the state, remember to grow the seed array, otherwise we'll end
up accessing memory we did not allocate.
--
put back the cast.
To generate a diff of this commit:
cvs rdiff -u -r1.7 -r1.7.4.1 src/sys/external/bsd/ipf/netinet/ip_state.c
Please note that diffs are not public domain; they are subject to the
copyright notices on the relevant files.
Modified files:
Index: src/sys/external/bsd/ipf/netinet/ip_state.c
diff -u src/sys/external/bsd/ipf/netinet/ip_state.c:1.7 src/sys/external/bsd/ipf/netinet/ip_state.c:1.7.4.1
--- src/sys/external/bsd/ipf/netinet/ip_state.c:1.7 Sun Apr 23 20:47:22 2017
+++ src/sys/external/bsd/ipf/netinet/ip_state.c Fri Nov 17 20:20:22 2017
@@ -1,4 +1,4 @@
-/* $NetBSD: ip_state.c,v 1.7 2017/04/23 20:47:22 christos Exp $ */
+/* $NetBSD: ip_state.c,v 1.7.4.1 2017/11/17 20:20:22 snj Exp $ */
/*
* Copyright (C) 2012 by Darren Reed.
@@ -100,7 +100,7 @@ struct file;
#if !defined(lint)
#if defined(__NetBSD__)
#include
-__KERNEL_RCSID(0, "$NetBSD: ip_state.c,v 1.7 2017/04/23 20:47:22 christos Exp $");
+__KERNEL_RCSID(0, "$NetBSD: ip_state.c,v 1.7.4.1 2017/11/17 20:20:22 snj Exp $");
#else
static const char sccsid[] = "@(#)ip_state.c 1.8 6/5/96 (C) 1993-2000 Darren Reed";
static const char rcsid[] = "@(#)Id: ip_state.c,v 1.1.1.2 2012/07/22 13:45:37 darrenr Exp";
@@ -298,6 +298,32 @@ ipf_state_soft_destroy(ipf_main_softc_t
KFREE(softs);
}
+static void *
+ipf_state_seed_alloc(u_int state_size, u_int state_max)
+{
+ u_int i;
+ u_long *state_seed;
+ KMALLOCS(state_seed, u_long *, state_size * sizeof(*state_seed));
+ if (state_seed == NULL)
+ return NULL;
+
+ for (i = 0; i < state_size; i++) {
+ /*
+ * XXX - ipf_state_seed[X] should be a random number of sorts.
+ */
+#if !defined(NEED_LOCAL_RAND) && defined(_KERNEL)
+ state_seed[i] = cprng_fast32();
+#else
+ state_seed[i] = ((u_long)state_seed + i) * state_size;
+ state_seed[i] ^= 0xa5a55a5a;
+ state_seed[i] *= (u_long)state_seed;
+ state_seed[i] ^= 0x5a5aa5a5;
+ state_seed[i] *= state_max;
+#endif
+ }
+ return state_seed;
+}
+
/* */
/* Function:ipf_state_soft_init */
@@ -328,27 +354,11 @@ ipf_state_soft_init(ipf_main_softc_t *so
bzero((char *)softs->ipf_state_table,
softs->ipf_state_size * sizeof(ipstate_t *));
- KMALLOCS(softs->ipf_state_seed, u_long *,
- softs->ipf_state_size * sizeof(*softs->ipf_state_seed));
+ softs->ipf_state_seed = ipf_state_seed_alloc(softs->ipf_state_size,
+ softs->ipf_state_max);
if (softs->ipf_state_seed == NULL)
return -2;
- for (i = 0; i < softs->ipf_state_size; i++) {
- /*
- * XXX - ipf_state_seed[X] should be a random number of sorts.
- */
-#if !defined(NEED_LOCAL_RAND) && defined(_KERNEL)
- softs->ipf_state_seed[i] = cprng_fast32();
-#else
- softs->ipf_state_seed[i] = ((u_long)softs->ipf_state_seed + i) *
-softs->ipf_state_size;
- softs->ipf_state_seed[i] ^= 0xa5a55a5a;
- softs->ipf_state_seed[i] *= (u_long)softs->ipf_state_seed;
- softs->ipf_state_seed[i] ^= 0x5a5aa5a5;
- softs->ipf_state_seed[i] *= softs->ipf_state_max;
-#endif
- }
-
KMALLOCS(softs->ipf_state_stats.iss_bucketlen, u_int *,
softs->ipf_state_size * sizeof(u_int));
if (softs->ipf_state_stats.iss_bucketlen == NULL)
@@ -5137,6 +5147,7 @@ ipf_state_rehash(ipf_main_softc_t *softc
{
ipf_state_softc_t *softs = softc->ipf_state_soft;
ipstate_t **newtab, *is;
+ u_long *newseed;
u_int *bucketlens;
u_int maxbucket;
u_int newsize;
@@ -5163,6 +5174,14 @@ ipf_state_rehash(ipf_main_softc_t *softc
return ENOMEM;
}
+ newseed = ipf_state_seed_alloc(newsize, softs->ipf_state_max);
+ if (newseed == NULL) {
+ KFREES(bucketlens, newsize * sizeof(*bucketlens));
+ KFREES(newtab, newsize * sizeof(*newtab));
+ IPFERROR(100037);
+ return ENOMEM;
+ }
+
for (maxbucket = 0, i = newsize; i > 0; i >>= 1)
maxbucket++;
maxbucket *= 2;
@@ -5178,6 +5197,12 @@ ipf_state_rehash(ipf_main_softc_t *softc
}
softs->ipf_state_table = newtab;
+ if (softs->ipf_state_seed != NULL) {
+ KFREES(softs->ipf_state_seed,
+ softs->ipf_state_size * sizeof(*softs->ipf_state_seed));
+ }
+ softs->ipf_state_seed = newseed;
+
if (softs->ipf_state_stats.iss_bucketlen != NULL) {
KFREES(softs->ipf_state_stats.iss_bucketlen,
softs->ipf_state_size * sizeof(u_int));
CVS commit: [netbsd-8] src/sys/external/bsd/ipf/netinet
Module Name:src Committed By: snj Date: Sat Sep 23 17:28:41 UTC 2017 Modified Files: src/sys/external/bsd/ipf/netinet [netbsd-8]: fil.c Log Message: Pull up following revision(s) (requested by christos in ticket #283): sys/external/bsd/ipf/netinet/fil.c: revision 1.21 Revert changing the byte order of fi->fi_addr. It is already correct. From Timo Buhrmester To generate a diff of this commit: cvs rdiff -u -r1.20 -r1.20.4.1 src/sys/external/bsd/ipf/netinet/fil.c Please note that diffs are not public domain; they are subject to the copyright notices on the relevant files. Modified files: Index: src/sys/external/bsd/ipf/netinet/fil.c diff -u src/sys/external/bsd/ipf/netinet/fil.c:1.20 src/sys/external/bsd/ipf/netinet/fil.c:1.20.4.1 --- src/sys/external/bsd/ipf/netinet/fil.c:1.20 Sun Apr 23 20:47:22 2017 +++ src/sys/external/bsd/ipf/netinet/fil.c Sat Sep 23 17:28:41 2017 @@ -1,4 +1,4 @@ -/* $NetBSD: fil.c,v 1.20 2017/04/23 20:47:22 christos Exp $ */ +/* $NetBSD: fil.c,v 1.20.4.1 2017/09/23 17:28:41 snj Exp $ */ /* * Copyright (C) 2012 by Darren Reed. @@ -138,7 +138,7 @@ extern struct timeout ipf_slowtimer_ch; #if !defined(lint) #if defined(__NetBSD__) #include -__KERNEL_RCSID(0, "$NetBSD: fil.c,v 1.20 2017/04/23 20:47:22 christos Exp $"); +__KERNEL_RCSID(0, "$NetBSD: fil.c,v 1.20.4.1 2017/09/23 17:28:41 snj Exp $"); #else static const char sccsid[] = "@(#)fil.c 1.36 6/5/96 (C) 1993-2000 Darren Reed"; static const char rcsid[] = "@(#)Id: fil.c,v 1.1.1.2 2012/07/22 13:45:07 darrenr Exp $"; @@ -1709,7 +1709,7 @@ ipf_pr_ipv4hdr(fr_info_t *fin) fin->fin_crc += fi->fi_saddr; fi->fi_daddr = ip->ip_dst.s_addr; fin->fin_crc += fi->fi_daddr; - if (IN_CLASSD(ntohl(fi->fi_daddr))) + if (IN_CLASSD(fi->fi_daddr)) fin->fin_flx |= FI_MULTICAST|FI_MBCAST; /*
CVS commit: [netbsd-8] src/sys/external/bsd/ipf/netinet
Module Name:src
Committed By: snj
Date: Mon Aug 14 23:51:14 UTC 2017
Modified Files:
src/sys/external/bsd/ipf/netinet [netbsd-8]: ip_fil_netbsd.c
Log Message:
Pull up following revision(s) (requested by christos in ticket #206):
sys/external/bsd/ipf/netinet/ip_fil_netbsd.c: 1.24-1.26
Fix ipf failing to sent TCP RST's on link-local interfaces by stuffing
the scope KAME style before calling the routing routines instead of after.
>From Edgar Fuss.
--
>From Edgar Fuss:
ipf's return-icmp doesn't work when the packet matched by the rule is
directed at a link local address. The problem is that
ipf_send_icmp_err() calls ipf_ifpaddr() to find an address of the
interface in question, but that routine discards link local addresses.
I guess the best fix is to simply use the destination address instead if
it is link local, i.e. treat the rule as if return-icmp-as-dest was
given in this case.
--
use the scoping functions (JINMEI, Tatuya)
To generate a diff of this commit:
cvs rdiff -u -r1.23 -r1.23.2.1 \
src/sys/external/bsd/ipf/netinet/ip_fil_netbsd.c
Please note that diffs are not public domain; they are subject to the
copyright notices on the relevant files.
Modified files:
Index: src/sys/external/bsd/ipf/netinet/ip_fil_netbsd.c
diff -u src/sys/external/bsd/ipf/netinet/ip_fil_netbsd.c:1.23 src/sys/external/bsd/ipf/netinet/ip_fil_netbsd.c:1.23.2.1
--- src/sys/external/bsd/ipf/netinet/ip_fil_netbsd.c:1.23 Fri May 12 08:03:26 2017
+++ src/sys/external/bsd/ipf/netinet/ip_fil_netbsd.c Mon Aug 14 23:51:14 2017
@@ -1,4 +1,4 @@
-/* $NetBSD: ip_fil_netbsd.c,v 1.23 2017/05/12 08:03:26 christos Exp $ */
+/* $NetBSD: ip_fil_netbsd.c,v 1.23.2.1 2017/08/14 23:51:14 snj Exp $ */
/*
* Copyright (C) 2012 by Darren Reed.
@@ -8,7 +8,7 @@
#if !defined(lint)
#if defined(__NetBSD__)
#include
-__KERNEL_RCSID(0, "$NetBSD: ip_fil_netbsd.c,v 1.23 2017/05/12 08:03:26 christos Exp $");
+__KERNEL_RCSID(0, "$NetBSD: ip_fil_netbsd.c,v 1.23.2.1 2017/08/14 23:51:14 snj Exp $");
#else
static const char sccsid[] = "@(#)ip_fil.c 2.41 6/5/96 (C) 1993-2000 Darren Reed";
static const char rcsid[] = "@(#)Id: ip_fil_netbsd.c,v 1.1.1.2 2012/07/22 13:45:17 darrenr Exp";
@@ -79,6 +79,9 @@ static const char rcsid[] = "@(#)Id: ip_
# if (__NetBSD_Version__ >= 10600)
# include
# endif
+# if __NetBSD_Version__ >= 499001100
+# include
+# endif
#endif
#include "netinet/ip_fil.h"
#include "netinet/ip_nat.h"
@@ -987,7 +990,7 @@ ipf_send_icmp_err(int type, fr_info_t *f
}
xtra = MIN(fin->fin_plen, avail - iclen - max_linkhdr);
xtra = MIN(xtra, IPV6_MMTU - iclen);
- if (dst == 0) {
+ if (dst == 0 && !IN6_IS_ADDR_LINKLOCAL(>fin_dst6.in6)) {
if (ipf_ifpaddr(, 6, FRI_NORMAL, ifp,
, NULL) == -1) {
FREE_MB_T(m);
@@ -1420,6 +1423,12 @@ ipf_fastroute6(struct mbuf *m0, struct m
sockaddr_in6_init(, >fd_ip6.in6, 0, 0, 0);
else
sockaddr_in6_init(, >fin_fi.fi_dst.in6, 0, 0, 0);
+ if ((error = in6_setscope(_addr, ifp,
+ _scope_id)) != 0)
+ return error;
+ if ((error = sa6_embedscope(, 0)) != 0)
+ return error;
+
dst =
rtcache_setdst(ro, dst);
@@ -1431,6 +1440,9 @@ ipf_fastroute6(struct mbuf *m0, struct m
dst6->sin6_family = AF_INET6;
dst6->sin6_len = sizeof(struct sockaddr_in6);
dst6->sin6_addr = fin->fin_fi.fi_dst.in6;
+ /* KAME */
+ if (IN6_IS_ADDR_LINKLOCAL(>sin6_addr))
+ dst6->sin6_addr.s6_addr16[1] = htons(ifp->if_index);
if (fdp != NULL) {
if (IP6_NOTZERO(>fd_ip6))
@@ -1449,15 +1461,6 @@ ipf_fastroute6(struct mbuf *m0, struct m
goto bad;
}
- /* KAME */
-# if __NetBSD_Version__ >= 499001100
- if (IN6_IS_ADDR_LINKLOCAL(_addr))
- u.dst6.sin6_addr.s6_addr16[1] = htons(ifp->if_index);
-# else
- if (IN6_IS_ADDR_LINKLOCAL(>sin6_addr))
- dst6->sin6_addr.s6_addr16[1] = htons(ifp->if_index);
-# endif
-
{
# if (__NetBSD_Version__ >= 10601) && !defined(IN6_LINKMTU)
struct in6_ifextra *ife;
