tech-net archive
Re: Panic in nat_inlookup (through ip6_input)
Thanks for digging out the patches.
CZ> Yes, there are fragment bugs fixed in later versions that have not been
CZ> pulled up to -6 :-(
EF> Any hint what these fixes are so I could pull-up them privately?
CZ> I would probably do these first :-)
CZ> Index: fil.c
CZ> ===================================================================
CZ> RCS file: /cvsroot/src/sys/external/bsd/ipf/netinet/fil.c,v
CZ> retrieving revision 1.15.2.3
CZ> retrieving revision 1.22
I don't have the #if 0's this diff removes.
I can't retrofit ipf_rule_compare() because I don't have fr_size.
The missing if's {} apply.
Index: fil.c
===================================================================
RCS file: /cvsroot/src/sys/dist/ipf/netinet/Attic/fil.c,v
retrieving revision 1.53.2.1
diff -u -p -r1.53.2.1 fil.c
--- fil.c 14 Mar 2013 22:33:15 -0000 1.53.2.1
+++ fil.c 8 May 2018 13:23:39 -0000
@@ -4420,11 +4420,12 @@ exit_free:
error = fr_outobj(data, fp, IPFOBJ_FRENTRY);
if (error == 0) {
- if ((f->fr_dsize != 0) && (uptr != NULL))
+ if ((f->fr_dsize != 0) && (uptr != NULL)) {
error = COPYOUT(f->fr_data, uptr,
f->fr_dsize);
if (error != 0)
error = EFAULT;
+ }
if (error == 0) {
f->fr_hits = 0;
f->fr_bytes = 0;
CZ> RCS file: /cvsroot/src/sys/external/bsd/ipf/netinet/ip_fil_compat.c,v
CZ> retrieving revision 1.4
CZ> retrieving revision 1.5
This error is in new compat code I definitely don't have.
CZ> RCS file: /cvsroot/src/sys/external/bsd/ipf/netinet/ip_frag.c,v
CZ> retrieving revision 1.3.14.1
CZ> retrieving revision 1.5
Both the #if 0 and the spelling check apply.
Index: ip_frag.c
===================================================================
RCS file: /cvsroot/src/sys/dist/ipf/netinet/Attic/ip_frag.c,v
retrieving revision 1.13
diff -u -p -r1.13 ip_frag.c
--- ip_frag.c 15 Feb 2012 17:55:22 -0000 1.13
+++ ip_frag.c 8 May 2018 13:08:07 -0000
@@ -540,6 +540,8 @@ fr_fraglookup(fr_info_t *fin, ipfr_t *ta
} else if (off == 0)
f->ipfr_seen0 = 1;
+#if 0
+ /* We can't do this, since we only have a read lock! */
if (f != table[idx]) {
ipfr_t **fp;
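Review bot: the new comment above `if (f != table[idx])` says only a read lock is held, yet the context line just before it, `f->ipfr_seen0 = 1;`, still stores into the same entry under that lock. If that store is accepted as a benign race, the comment should say so; otherwise it needs the same treatment as the relinking that is being disabled. The comment should also name the lock it means.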
@@ -559,9 +561,10 @@ fr_fraglookup(fr_info_t *fin, ipfr_t *ta
f->ipfr_hprev = table + idx;
table[idx] = f;
}
+#endif
/*
- * If we've follwed the fragments, and this is the
+ * If we've followed the fragments, and this is the
* last (in order), shrink expiration time.
*/
if (off == f->ipfr_off) {
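Review bot: the `#endif` here closes an `#if 0` opened in the previous hunk, so mark it `#endif /* 0 */`, or better, delete the block that relinks `f` to `table[idx]` instead of leaving it as dead code. The "followed" spelling fix in the comment is unrelated to the locking change and would be easier to pull up as a separate commit.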
CZ> RCS file: /cvsroot/src/sys/external/bsd/ipf/netinet/radix_ipf.c,v
CZ> retrieving revision 1.5
CZ> retrieving revision 1.6
I don't have anything remotely similar to the random_{add,delete} routines
touched here.