CVS commit: src

["Mindaugas Rasiukevicius" <rmind%netbsd.org@localhost>]

Module Name:    src
Committed By:   rmind
Date:           Sat May 23 19:56:00 UTC 2020

Modified Files:
        src/sys/net/npf: npf_conf.c npf_conn.c npf_conn.h npf_conndb.c
            npf_inet.c npf_nat.c
        src/usr.sbin/npf/npfctl: npf_build.c npf_show.c npfctl.h

Log Message:
Backport selected NPF fixes from the upstream (to be pulled up):

- npf_conndb_lookup: protect the connection lookup with pserialize(9),
  instead of incorrectly assuming that the handler always runs at IPL_SOFNET.
  Should fix crashes reported on high load (PR/55182).

- npf_config_destroy: handle partially initialized config; fixes crashes
  with some invalid configurations.

- NAT policy creation / destruction: set the initial reference and do not
  wait for reference draining on destruction; destroy the policy on the
  last reference drop instead.  Fixes a lockup with the dynamic NAT rules.

- npf_nat_{export,import}: fix a regression since dynamic NAT rules.

- npfctl: fix a regression and restore the default group behaviour.

- Add npf_cache_tcp() and validate the TCP data offset (from maxv@).


To generate a diff of this commit:
cvs rdiff -u -r1.15 -r1.16 src/sys/net/npf/npf_conf.c
cvs rdiff -u -r1.30 -r1.31 src/sys/net/npf/npf_conn.c
cvs rdiff -u -r1.18 -r1.19 src/sys/net/npf/npf_conn.h
cvs rdiff -u -r1.7 -r1.8 src/sys/net/npf/npf_conndb.c
cvs rdiff -u -r1.55 -r1.56 src/sys/net/npf/npf_inet.c
cvs rdiff -u -r1.48 -r1.49 src/sys/net/npf/npf_nat.c
cvs rdiff -u -r1.53 -r1.54 src/usr.sbin/npf/npfctl/npf_build.c
cvs rdiff -u -r1.30 -r1.31 src/usr.sbin/npf/npfctl/npf_show.c
cvs rdiff -u -r1.51 -r1.52 src/usr.sbin/npf/npfctl/npfctl.h

Please note that diffs are not public domain; they are subject to the
copyright notices on the relevant files.