Source-Changes-HG archive


[src/netbsd-7-0]: src/sys/external/bsd/ipf/netinet Pull up following revision...



details:   https://anonhg.NetBSD.org/src/rev/f50df4f3a089
branches:  netbsd-7-0
changeset: 801381:f50df4f3a089
user:      snj <snj%NetBSD.org@localhost>
date:      Fri Aug 25 05:31:36 2017 +0000

description:
Pull up following revision(s) (requested by mrg in ticket #1412):
        sys/external/bsd/ipf/netinet/fil.c: revision 1.20
        sys/external/bsd/ipf/netinet/ip_frag.c: revision 1.5
        sys/external/bsd/ipf/netinet/ip_state.c: revision 1.7
Disconnect maintaining fragment state from keeping session state. The user
now must specify keep frags along with keep state to have ipfilter do what
it did before, as documented in ipf.conf.5. (Cy Schubert @ FreeBSD)
--
Free the right fragment (Cy Schubert @ FreeBSD). Freeing the wrong one causes
use-after-free issues and eventually a panic.

diffstat:

 sys/external/bsd/ipf/netinet/fil.c      |  6 +++---
 sys/external/bsd/ipf/netinet/ip_frag.c  |  6 +++---
 sys/external/bsd/ipf/netinet/ip_state.c |  7 ++++---
 3 files changed, 10 insertions(+), 9 deletions(-)

diffs (82 lines):

diff -r 891f38c60615 -r f50df4f3a089 sys/external/bsd/ipf/netinet/fil.c
--- a/sys/external/bsd/ipf/netinet/fil.c        Fri Aug 25 03:52:13 2017 +0000
+++ b/sys/external/bsd/ipf/netinet/fil.c        Fri Aug 25 05:31:36 2017 +0000
@@ -1,4 +1,4 @@
-/*     $NetBSD: fil.c,v 1.15.2.1 2015/04/10 20:26:46 snj Exp $ */
+/*     $NetBSD: fil.c,v 1.15.2.1.2.1 2017/08/25 05:31:36 snj Exp $     */
 
 /*
  * Copyright (C) 2012 by Darren Reed.
@@ -138,7 +138,7 @@
 #if !defined(lint)
 #if defined(__NetBSD__)
 #include <sys/cdefs.h>
-__KERNEL_RCSID(0, "$NetBSD: fil.c,v 1.15.2.1 2015/04/10 20:26:46 snj Exp $");
+__KERNEL_RCSID(0, "$NetBSD: fil.c,v 1.15.2.1.2.1 2017/08/25 05:31:36 snj Exp $");
 #else
 static const char sccsid[] = "@(#)fil.c        1.36 6/5/96 (C) 1993-2000 Darren Reed";
 static const char rcsid[] = "@(#)Id: fil.c,v 1.1.1.2 2012/07/22 13:45:07 darrenr Exp $";
@@ -2689,7 +2689,7 @@
         * If the rule has "keep frag" and the packet is actually a fragment,
         * then create a fragment state entry.
         */
-       if ((pass & (FR_KEEPFRAG|FR_KEEPSTATE)) == FR_KEEPFRAG) {
+       if (pass & FR_KEEPFRAG) {
                if (fin->fin_flx & FI_FRAG) {
                        if (ipf_frag_new(softc, fin, pass) == -1) {
                                LBUMP(ipf_stats[out].fr_bnfr);
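Review bot: With the test reduced to `if (pass & FR_KEEPFRAG)`, a rule that carries both keep state and keep frags now reaches ipf_frag_new() here, and the reworked condition in ip_state.c (same commit) is eligible to call it again for the same packet. If both paths run, whichever call comes second would presumably end on the already-exists path touched in ip_frag.c; here a -1 return is counted in fr_bnfr, while the state path discards the result. Once that is confirmed, I would extend the comment above the test with something like `With "keep state" also set, the state code may try to add the same fragment entry; a duplicate is rejected and is not an error.` The enclosing function and the rest of this if body lie outside the hunk.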
diff -r 891f38c60615 -r f50df4f3a089 sys/external/bsd/ipf/netinet/ip_frag.c
--- a/sys/external/bsd/ipf/netinet/ip_frag.c    Fri Aug 25 03:52:13 2017 +0000
+++ b/sys/external/bsd/ipf/netinet/ip_frag.c    Fri Aug 25 05:31:36 2017 +0000
@@ -1,4 +1,4 @@
-/*     $NetBSD: ip_frag.c,v 1.3 2012/07/22 14:27:51 darrenr Exp $      */
+/*     $NetBSD: ip_frag.c,v 1.3.18.1 2017/08/25 05:31:36 snj Exp $     */
 
 /*
  * Copyright (C) 2012 by Darren Reed.
@@ -87,7 +87,7 @@
 #if !defined(lint)
 #if defined(__NetBSD__)
 #include <sys/cdefs.h>
-__KERNEL_RCSID(0, "$NetBSD: ip_frag.c,v 1.3 2012/07/22 14:27:51 darrenr Exp $");
+__KERNEL_RCSID(0, "$NetBSD: ip_frag.c,v 1.3.18.1 2017/08/25 05:31:36 snj Exp $");
 #else
 static const char sccsid[] = "@(#)ip_frag.c    1.11 3/24/96 (C) 1993-2000 Darren Reed";
 static const char rcsid[] = "@(#)Id: ip_frag.c,v 1.1.1.2 2012/07/22 13:45:17 darrenr Exp";
@@ -468,7 +468,7 @@
                          IPFR_CMPSZ)) {
                        RWLOCK_EXIT(lock);
                        FBUMPD(ifs_exists);
-                       KFREE(fra);
+                       KFREE(fran);
                        return NULL;
                }
 
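Review bot: Nothing at the free site says why `fran` is the pointer to release, and the two names differ by a single letter, which makes the original mistake easy to repeat. Judging by the commit message and the IPFR_CMPSZ comparison just above, `fra` is the entry found in the table and still linked, while `fran` is the new entry that was never inserted. A comment above the KFREE such as `/* fran was never linked in; fra is still live in the table */` would make that ownership explicit. The allocation of `fran` and the lookup loop are outside the hunk, so this should be confirmed against the full function.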
diff -r 891f38c60615 -r f50df4f3a089 sys/external/bsd/ipf/netinet/ip_state.c
--- a/sys/external/bsd/ipf/netinet/ip_state.c   Fri Aug 25 03:52:13 2017 +0000
+++ b/sys/external/bsd/ipf/netinet/ip_state.c   Fri Aug 25 05:31:36 2017 +0000
@@ -1,4 +1,4 @@
-/*     $NetBSD: ip_state.c,v 1.6 2013/09/14 12:16:11 martin Exp $      */
+/*     $NetBSD: ip_state.c,v 1.6.8.1 2017/08/25 05:31:36 snj Exp $     */
 
 /*
  * Copyright (C) 2012 by Darren Reed.
@@ -100,7 +100,7 @@
 #if !defined(lint)
 #if defined(__NetBSD__)
 #include <sys/cdefs.h>
-__KERNEL_RCSID(0, "$NetBSD: ip_state.c,v 1.6 2013/09/14 12:16:11 martin Exp $");
+__KERNEL_RCSID(0, "$NetBSD: ip_state.c,v 1.6.8.1 2017/08/25 05:31:36 snj Exp $");
 #else
 static const char sccsid[] = "@(#)ip_state.c   1.8 6/5/96 (C) 1993-2000 Darren Reed";
 static const char rcsid[] = "@(#)Id: ip_state.c,v 1.1.1.2 2012/07/22 13:45:37 darrenr Exp";
@@ -3341,7 +3341,8 @@
         * If this packet is a fragment and the rule says to track fragments,
         * then create a new fragment cache entry.
         */
-       if ((fin->fin_flx & FI_FRAG) && FR_ISPASS(is->is_pass))
+       if (fin->fin_flx & FI_FRAG && FR_ISPASS(is->is_pass) &&
+          is->is_pass & FR_KEEPFRAG)
                (void) ipf_frag_new(softc, fin, is->is_pass);
 
        /*
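Review bot: The new condition drops the parentheses that the removed line had around its bitwise test, so `fin->fin_flx & FI_FRAG && ...` and `is->is_pass & FR_KEEPFRAG` rely on `&` binding tighter than `&&`. The precedence is correct, but in a filter decision it is easier to audit when spelled out: `if ((fin->fin_flx & FI_FRAG) && FR_ISPASS(is->is_pass) &&` followed by `(is->is_pass & FR_KEEPFRAG))`. Separately, the result of ipf_frag_new() is still cast to void here, whereas the fil.c hunk counts a -1 return in fr_bnfr, so a failed fragment-cache insert on the state path leaves no trace in the statistics. The enclosing function starts and ends outside the hunk.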


