| #
317241 |
|
21-Apr-2017 |
cy |
MFC r316809:
Fix a use after free panic in ipfilter's fragment processing.
Memory is malloc'd, then a search for a match in the fragment table
is made and if the fragment matches, the wrong fragment table is
freed, causing a use after free panic. This commit fixes this.
A symptom of the problem is a kernel page fault in bcopy() called by
ipf_frag_lookup() at line 715 in ip_frag.c. Another symptom is a
kernel page fault in ipf_frag_delete() when called by ipf_frag_expire()
via ipf_slowtimer().
|
| #
314251 |
|
25-Feb-2017 |
cy |
MFC r312787:
Currently the fragment info is placed at the top of the linked list
under a shared read lock. This patch attempts to upgrade the lock to
an exclusive write lock. If the exclusive write lock fails to be
obtained, the current fragment is not placed at the head of the list.
This portion of the patch was inspired by NetBSD ip_frag.c r1.4 (which
effectively removed the section of code that performed the reordering).
The patch to sys/contrib/ipfilter/netinet/ip_compat.h adds the
MUTEX_TRY_UPGRADE macro to support the patch to ip_frag.c.
The patch to contrib/ipfilter/lib/rwlock_emul.c supports this patch
by emulating the mutex in userspace when exercised by ipftest(1).
Inspired by: NetBSD ip_frag.c r1.4
|
| #
302015 |
|
18-Jun-2016 |
cy |
MFC r300259:
Enable the two ip_frag tuneables. The code is there but the two
ip_frag tuneables aren't registered in the ipf_tuners linked list.
This commmit enables the two existing ip_frag tuneables by registering
them.
MFC r300260:
Remove extraneous blank line.
|
| #
275690 |
|
10-Dec-2014 |
cy |
MFC r275199.
Correctly define constants.
|
| #
272993 |
|
12-Oct-2014 |
cy |
MFC r272052
ipfilter bug #558 add in some missing frag table function comments.
Obtained from: ipfilter CVS repo (r1.36)
|
| #
266829 |
|
29-May-2014 |
cy |
MFC r264235:
Implement the final missing sysctls by moving ipf_auth_softc_t from
ip_auth.c to ip_auth.h. ip_frag_soft_t moves from ip_frag.c to
ip_frag.h. mlfk_ipl.c creates sysctl MIBs that reference control blocks
that are dynamically created when IP Filter is loaded. This necessitated
creating them on-the-fly rather than statically at compile time.
Approved by: glebius (mentor)
|
| #
275690 |
|
10-Dec-2014 |
cy |
MFC r275199.
Correctly define constants.
|
| #
272993 |
|
12-Oct-2014 |
cy |
MFC r272052
ipfilter bug #558 add in some missing frag table function comments.
Obtained from: ipfilter CVS repo (r1.36)
|
| #
266829 |
|
29-May-2014 |
cy |
MFC r264235:
Implement the final missing sysctls by moving ipf_auth_softc_t from
ip_auth.c to ip_auth.h. ip_frag_soft_t moves from ip_frag.c to
ip_frag.h. mlfk_ipl.c creates sysctl MIBs that reference control blocks
that are dynamically created when IP Filter is loaded. This necessitated
creating them on-the-fly rather than statically at compile time.
Approved by: glebius (mentor)
|