#
1.26 |
|
02-Feb-2022 |
msaitoh |
s/Incluse/Include/
|
#
1.25 |
|
21-Sep-2021 |
christos |
don't opencode kauth_cred_get()
|
Revision tags: thorpej-i2c-spi-conf2-base thorpej-futex2-base thorpej-cfargs2-base cjep_sun2x-base1 cjep_sun2x-base cjep_staticlib_x-base1 thorpej-i2c-spi-conf-base
|
#
1.24 |
|
26-May-2021 |
christos |
Fix ip_nat memory leak and use-after-free, wrong element freed (Cy Schubert) https://cgit.freebsd.org/src/commit/?id=323a4e2c4e285e6f8eee8db3fe2cb74
|
Revision tags: cjep_staticlib_x-base thorpej-cfargs-base thorpej-futex-base
|
#
1.23 |
|
01-Aug-2020 |
maxv |
branches: 1.23.6; 1.23.8; Remove #ifdef BRIDGE_IPF, compile in the code by default. Sent to tech-net@.
|
#
1.22 |
|
24-Jun-2020 |
jdolecek |
reduce stack usage in ipf_nat_ioctl()
also, in SIOCADNAT, make sure to not leak kernel data
|
Revision tags: netbsd-9-2-RELEASE netbsd-9-1-RELEASE bouyer-xenpvh-base2 phil-wifi-20200421 bouyer-xenpvh-base1 phil-wifi-20200411 bouyer-xenpvh-base is-mlppp-base phil-wifi-20200406 ad-namecache-base3 netbsd-9-0-RELEASE netbsd-9-0-RC2 ad-namecache-base2 ad-namecache-base1 ad-namecache-base netbsd-9-0-RC1 phil-wifi-20191119 netbsd-9-base phil-wifi-20190609 isaki-audio2-base
|
#
1.21 |
|
04-Feb-2019 |
mrg |
add fallthru comments.
|
Revision tags: pgoyette-compat-20190127 pgoyette-compat-20190118 pgoyette-compat-1226 pgoyette-compat-1126 pgoyette-compat-1020 pgoyette-compat-0930 pgoyette-compat-0906 pgoyette-compat-0728 phil-wifi-base pgoyette-compat-0625
|
#
1.20 |
|
03-Jun-2018 |
maxv |
branches: 1.20.2; Constify a bunch of global variables under ipf/ so that they land in .rodata (3472 bytes).
Also, remove ipf_tuneables[], unused.
|
Revision tags: pgoyette-compat-0521
|
#
1.19 |
|
03-May-2018 |
maxv |
Remove now unused tcpip.h includes. Some were already unused before.
|
Revision tags: pgoyette-compat-0502 pgoyette-compat-0422 pgoyette-compat-0415 pgoyette-compat-0407 pgoyette-compat-0330 pgoyette-compat-0322 pgoyette-compat-0315 pgoyette-compat-base tls-maxphys-base-20171202 nick-nhusb-base-20170825 perseant-stdc-iso10646-base
|
#
1.18 |
|
01-Jul-2017 |
khorben |
branches: 1.18.4; Typo
|
Revision tags: netbsd-8-2-RELEASE netbsd-8-1-RELEASE netbsd-8-1-RC1 netbsd-8-0-RELEASE netbsd-8-0-RC2 netbsd-8-0-RC1 matt-nb8-mediatek-base netbsd-8-base prg-localcount2-base3 prg-localcount2-base2 prg-localcount2-base1 prg-localcount2-base pgoyette-localcount-20170426 bouyer-socketcan-base1 jdolecek-ncq-base pgoyette-localcount-20170320 nick-nhusb-base-20170204 bouyer-socketcan-base pgoyette-localcount-20170107 nick-nhusb-base-20161204 pgoyette-localcount-20161104
|
#
1.17 |
|
04-Oct-2016 |
sborrill |
Fix lookup of original destination address when using a redirect rule. This is required for transparent proxying by squid, for example.
|
Revision tags: nick-nhusb-base-20161004 localcount-20160914 pgoyette-localcount-20160806 pgoyette-localcount-20160726 pgoyette-localcount-base nick-nhusb-base-20160907 nick-nhusb-base-20160529 nick-nhusb-base-20160422 nick-nhusb-base-20160319
|
#
1.16 |
|
17-Mar-2016 |
khorben |
branches: 1.16.2; Fix matching of ICMP queries when NAT'd through IPF
This notably fixes MTU updates for hosts issuing ICMP queries through a NAT performed by NetBSD with IPF.
|
Revision tags: nick-nhusb-base-20151226
|
#
1.15 |
|
06-Oct-2015 |
prlw1 |
Update comments to match previous change (avoid panic in SIOCGNATL)
|
Revision tags: nick-nhusb-base-20150921
|
#
1.14 |
|
07-Aug-2015 |
prlw1 |
Avoid panic in SIOCGNATL dereferencing a NULL softc. Solution suggestion from Martin Husemann.
|
Revision tags: netbsd-7-0-RC2 netbsd-7-0-RC1 nick-nhusb-base-20150606 nick-nhusb-base-20150406 nick-nhusb-base netbsd-7-base tls-earlyentropy-base tls-maxphys-base
|
#
1.13 |
|
12-Jul-2014 |
darrenr |
branches: 1.13.2; 1.13.4; PR kern/47665 For ICMP packets, use the "oicmpid" and "nicmpid" fields explicitly rather than overloading those with "port" in them and expecting them to work.
|
#
1.12 |
|
28-Jun-2014 |
darrenr |
#537 NAT rules with sticky have incorrect hostmap IP address
|
Revision tags: yamt-pagecache-base9 riastradh-xf86-video-intel-2-7-1-pre-2-21-15 riastradh-drm2-base3 rmind-smpnet-nbase rmind-smpnet-base
|
#
1.11 |
|
27-Feb-2014 |
joerg |
branches: 1.11.2; Checking the return value of an allocator works better, when looking at the stored pointer.
|
#
1.10 |
|
14-Sep-2013 |
martin |
Remove unused variables
|
Revision tags: riastradh-drm2-base2 riastradh-drm2-base1 riastradh-drm2-base agc-symver-base yamt-pagecache-base8
|
#
1.9 |
|
09-Jan-2013 |
christos |
branches: 1.9.2; Back out my last change, which was a partial fix for hash code computation problems. Apply Darren's more complete reworking of hash code computation. Ensure that the struct containing the red-black tree head is properly initialized. From Geoff Adams
|
#
1.8 |
|
05-Jan-2013 |
christos |
Fix bucket and chain counts on nat lists from Geoff Adams:
The problem was that ipf_nat_delete wasn't swapping inbound and outbound hash codes for inbound NAT entries, so it was essentially always looking in the wrong buckets in those cases. But because of the way the linked list works, I don't think any NAT entries were actually leaked. But since all the bucket counters and chain count were getting messed up, things did start to go bad after a while. (New NAT entries wouldn't be created, for instance.)
The fix is in the ipf_nat_delete function, itself; the other changes are a slight refactoring of one method and adding some comments that helped me figure out how the linked list with pointer-back-pointers worked.
Also note that I haven't looked through the logic in ipf_nat_rehash; it's likely that that might miss some things for the same reason.
I also haven't yet looked into the ipf_nat_newrdr problem with mappings already existing. That'll be next.
|
#
1.7 |
|
20-Dec-2012 |
christos |
- Replace the seemingly broken built-in ipf rbtree implementation with ours. - Fix typos in comments - Fix 2 mutex errors From Geoff Adams
|
Revision tags: yamt-pagecache-base7 yamt-pagecache-base6
|
#
1.6 |
|
30-Jul-2012 |
pgoyette |
branches: 1.6.2; Make ipf compile even without INET6 support.
Changes have been fed upstream (to darrenr@)
|
#
1.5 |
|
22-Jul-2012 |
darrenr |
ansify new function definition
|
#
1.4 |
|
22-Jul-2012 |
darrenr |
ansify new function definition
|
#
1.3 |
|
22-Jul-2012 |
darrenr |
Merge IPFilter 5.1.2 into HEAD
|
Revision tags: jmcneill-usbmp-base10 yamt-pagecache-base5 jmcneill-usbmp-base9 yamt-pagecache-base4 jmcneill-usbmp-base8
|
#
1.2 |
|
23-Mar-2012 |
christos |
branches: 1.2.2; 1.2.4; apply our changes. - prototypes - ip_h323_pxy.c is missing from the distribution - original tar distribution is missing <$>Id values in most files
|
#
1.1 |
|
23-Mar-2012 |
christos |
branches: 1.1.1; Initial revision
|
#
1.22 |
|
24-Jun-2020 |
jdolecek |
reduce stack usage in ipf_nat_ioctl()
also, in SIOCADNAT, make sure to not leak kernel data
|
Revision tags: bouyer-xenpvh-base2 phil-wifi-20200421 bouyer-xenpvh-base1 phil-wifi-20200411 bouyer-xenpvh-base is-mlppp-base phil-wifi-20200406 ad-namecache-base3 netbsd-9-0-RELEASE netbsd-9-0-RC2 ad-namecache-base2 ad-namecache-base1 ad-namecache-base netbsd-9-0-RC1 phil-wifi-20191119 netbsd-9-base phil-wifi-20190609 isaki-audio2-base
|
#
1.21 |
|
04-Feb-2019 |
mrg |
add fallthru comments.
|
Revision tags: pgoyette-compat-20190127 pgoyette-compat-20190118 pgoyette-compat-1226 pgoyette-compat-1126 pgoyette-compat-1020 pgoyette-compat-0930 pgoyette-compat-0906 pgoyette-compat-0728 phil-wifi-base pgoyette-compat-0625
|
#
1.20 |
|
03-Jun-2018 |
maxv |
branches: 1.20.2; Constify a bunch of global varialbes under ipf/ so that they land in .rodata (3472 bytes).
Also, remove ipf_tuneables[], unused.
|
Revision tags: pgoyette-compat-0521
|
#
1.19 |
|
03-May-2018 |
maxv |
Remove now unused tcpip.h includes. Some were already unused before.
|
Revision tags: pgoyette-compat-0502 pgoyette-compat-0422 pgoyette-compat-0415 pgoyette-compat-0407 pgoyette-compat-0330 pgoyette-compat-0322 pgoyette-compat-0315 pgoyette-compat-base tls-maxphys-base-20171202 nick-nhusb-base-20170825 perseant-stdc-iso10646-base
|
#
1.18 |
|
01-Jul-2017 |
khorben |
branches: 1.18.4; Typo
|
Revision tags: netbsd-8-2-RELEASE netbsd-8-1-RELEASE netbsd-8-1-RC1 netbsd-8-0-RELEASE netbsd-8-0-RC2 netbsd-8-0-RC1 matt-nb8-mediatek-base netbsd-8-base prg-localcount2-base3 prg-localcount2-base2 prg-localcount2-base1 prg-localcount2-base pgoyette-localcount-20170426 bouyer-socketcan-base1 jdolecek-ncq-base pgoyette-localcount-20170320 nick-nhusb-base-20170204 bouyer-socketcan-base pgoyette-localcount-20170107 nick-nhusb-base-20161204 pgoyette-localcount-20161104
|
#
1.17 |
|
04-Oct-2016 |
sborrill |
Fix lookup of original destination address when using a redirect rule. This is required for transparent proxying by squid, for example.
|
Revision tags: nick-nhusb-base-20161004 localcount-20160914 pgoyette-localcount-20160806 pgoyette-localcount-20160726 pgoyette-localcount-base nick-nhusb-base-20160907 nick-nhusb-base-20160529 nick-nhusb-base-20160422 nick-nhusb-base-20160319
|
#
1.16 |
|
17-Mar-2016 |
khorben |
branches: 1.16.2; Fix matching of ICMP queries when NAT'd through IPF
This notably fixes MTU updates for hosts issueing ICMP queries through a NAT performed by NetBSD with IPF.
|
Revision tags: nick-nhusb-base-20151226
|
#
1.15 |
|
06-Oct-2015 |
prlw1 |
Update comments to match previous change (avoid panic in SIOCGNATL)
|
Revision tags: nick-nhusb-base-20150921
|
#
1.14 |
|
07-Aug-2015 |
prlw1 |
Avoid panic in SIOCGNATL dereferencing a NULL softc. Solution suggestion from Martin Husemann.
|
Revision tags: netbsd-7-0-RC2 netbsd-7-0-RC1 nick-nhusb-base-20150606 nick-nhusb-base-20150406 nick-nhusb-base netbsd-7-base tls-earlyentropy-base tls-maxphys-base
|
#
1.13 |
|
12-Jul-2014 |
darrenr |
branches: 1.13.2; 1.13.4; PR kern/47665 For ICMP packets, use the "oicmpid" and "nicmpid" fields explicitly rather than overloading those with "port" in them and expecting them to work.
|
#
1.12 |
|
28-Jun-2014 |
darrenr |
#537 NAT rules with sticky have incorrect hostmap IP address
|
Revision tags: yamt-pagecache-base9 riastradh-xf86-video-intel-2-7-1-pre-2-21-15 riastradh-drm2-base3 rmind-smpnet-nbase rmind-smpnet-base
|
#
1.11 |
|
27-Feb-2014 |
joerg |
branches: 1.11.2; Checking the return value of an allocator works better, when looking at the stored pointer.
|
#
1.10 |
|
14-Sep-2013 |
martin |
Remove unused variables
|
Revision tags: riastradh-drm2-base2 riastradh-drm2-base1 riastradh-drm2-base agc-symver-base yamt-pagecache-base8
|
#
1.9 |
|
09-Jan-2013 |
christos |
branches: 1.9.2; Back out my last change, which was a partial fix for hash code computation problems. Apply Darren's more complete reworking of hash code computation. Ensure that the struct containing the red-black tree head is properly initialized. From Geoff Adams
|
#
1.8 |
|
05-Jan-2013 |
christos |
Fix bucket and chain counts on nat lists from Geoff Adams:
The problem was that ipf_nat_delete wasn't swapping inbound and outbound hash codes for inbound NAT entries, so it was essentially always looking in the wrong buckets in those cases. But because of the way the linked list works, I don't think any NAT entries were actually leaked. But since all the bucket counters and chain count were getting messed up, things did start to go bad after a while. (New NAT entries wouldn't be created, for instance.)
The fix is in the ipf_nat_delete function, itself; the other changes are a slight refactoring of one method and adding some comments that helped me figure out how the linked list with pointer-back-pointers worked.
Also note that I haven't looked through the logic in ipf_nat_rehash; it's likely that that might miss some things for the same reason.
I also haven't yet looked into the ipf_nat_newrdr problem with mappings already existing. That'll be next.
|
#
1.7 |
|
20-Dec-2012 |
christos |
- Replace the seemingly broken built-in ipf rbtree implementation with ours. - Fix typos in comments - Fix 2 mutex errors From Geoff Adams
|
Revision tags: yamt-pagecache-base7 yamt-pagecache-base6
|
#
1.6 |
|
30-Jul-2012 |
pgoyette |
branches: 1.6.2; Make ipf compile even without INET6 support.
Changes have been fed upstream (to darrenr@)
|
#
1.5 |
|
22-Jul-2012 |
darrenr |
ansify new function definition
|
#
1.4 |
|
22-Jul-2012 |
darrenr |
ansify new function definition
|
#
1.3 |
|
22-Jul-2012 |
darrenr |
Merge IPFilter 5.1.2 into HEAD
|
Revision tags: jmcneill-usbmp-base10 yamt-pagecache-base5 jmcneill-usbmp-base9 yamt-pagecache-base4 jmcneill-usbmp-base8
|
#
1.2 |
|
23-Mar-2012 |
christos |
branches: 1.2.2; 1.2.4;
apply our changes.
- prototypes
- ip_h323_pxy.c is missing from the distribution
- original tar distribution is missing <$>Id values in most files
|
#
1.1 |
|
23-Mar-2012 |
christos |
branches: 1.1.1;
Initial revision
|
Revision tags: isaki-audio2-base
|
#
1.21 |
|
04-Feb-2019 |
mrg |
add fallthru comments.
|
Revision tags: pgoyette-compat-20190127 pgoyette-compat-20190118 pgoyette-compat-1226 pgoyette-compat-1126 pgoyette-compat-1020 pgoyette-compat-0930 pgoyette-compat-0906 pgoyette-compat-0728 phil-wifi-base pgoyette-compat-0625
|
#
1.20 |
|
03-Jun-2018 |
maxv |
Constify a bunch of global variables under ipf/ so that they land in .rodata (3472 bytes).
Also, remove ipf_tuneables[], unused.
|
Revision tags: pgoyette-compat-0521
|
#
1.19 |
|
03-May-2018 |
maxv |
Remove now unused tcpip.h includes. Some were already unused before.
|
Revision tags: pgoyette-compat-0502 pgoyette-compat-0422 pgoyette-compat-0415 pgoyette-compat-0407 pgoyette-compat-0330 pgoyette-compat-0322 pgoyette-compat-0315 pgoyette-compat-base tls-maxphys-base-20171202 nick-nhusb-base-20170825 perseant-stdc-iso10646-base
|
#
1.18 |
|
01-Jul-2017 |
khorben |
branches: 1.18.4;
Typo
|
Revision tags: netbsd-8-0-RELEASE netbsd-8-0-RC2 netbsd-8-0-RC1 matt-nb8-mediatek-base netbsd-8-base prg-localcount2-base3 prg-localcount2-base2 prg-localcount2-base1 prg-localcount2-base pgoyette-localcount-20170426 bouyer-socketcan-base1 jdolecek-ncq-base pgoyette-localcount-20170320 nick-nhusb-base-20170204 bouyer-socketcan-base pgoyette-localcount-20170107 nick-nhusb-base-20161204 pgoyette-localcount-20161104
|
#
1.17 |
|
04-Oct-2016 |
sborrill |
Fix lookup of original destination address when using a redirect rule. This is required for transparent proxying by squid, for example.
|
Revision tags: nick-nhusb-base-20161004 localcount-20160914 pgoyette-localcount-20160806 pgoyette-localcount-20160726 pgoyette-localcount-base nick-nhusb-base-20160907 nick-nhusb-base-20160529 nick-nhusb-base-20160422 nick-nhusb-base-20160319
|
#
1.16 |
|
17-Mar-2016 |
khorben |
branches: 1.16.2;
Fix matching of ICMP queries when NAT'd through IPF
This notably fixes MTU updates for hosts issuing ICMP queries through a NAT performed by NetBSD with IPF.
|
Revision tags: nick-nhusb-base-20151226
|
#
1.15 |
|
06-Oct-2015 |
prlw1 |
Update comments to match previous change (avoid panic in SIOCGNATL)
|
Revision tags: nick-nhusb-base-20150921
|
#
1.14 |
|
07-Aug-2015 |
prlw1 |
Avoid panic in SIOCGNATL dereferencing a NULL softc. Solution suggestion from Martin Husemann.
|
Revision tags: netbsd-7-0-RC2 netbsd-7-0-RC1 nick-nhusb-base-20150606 nick-nhusb-base-20150406 nick-nhusb-base netbsd-7-base tls-earlyentropy-base tls-maxphys-base
|
#
1.13 |
|
12-Jul-2014 |
darrenr |
branches: 1.13.2; 1.13.4;
PR kern/47665 For ICMP packets, use the "oicmpid" and "nicmpid" fields explicitly rather than overloading those with "port" in them and expecting them to work.
|
#
1.12 |
|
28-Jun-2014 |
darrenr |
#537 NAT rules with sticky have incorrect hostmap IP address
|
Revision tags: yamt-pagecache-base9 riastradh-xf86-video-intel-2-7-1-pre-2-21-15 riastradh-drm2-base3 rmind-smpnet-nbase rmind-smpnet-base
|
#
1.11 |
|
27-Feb-2014 |
joerg |
branches: 1.11.2;
Checking the return value of an allocator works better, when looking at the stored pointer.
|
#
1.10 |
|
14-Sep-2013 |
martin |
Remove unused variables
|
Revision tags: riastradh-drm2-base2 riastradh-drm2-base1 riastradh-drm2-base agc-symver-base yamt-pagecache-base8
|
#
1.9 |
|
09-Jan-2013 |
christos |
branches: 1.9.2;
Back out my last change, which was a partial fix for hash code computation problems. Apply Darren's more complete reworking of hash code computation. Ensure that the struct containing the red-black tree head is properly initialized. From Geoff Adams
|
#
1.8 |
|
05-Jan-2013 |
christos |
Fix bucket and chain counts on nat lists from Geoff Adams:
The problem was that ipf_nat_delete wasn't swapping inbound and outbound hash codes for inbound NAT entries, so it was essentially always looking in the wrong buckets in those cases. But because of the way the linked list works, I don't think any NAT entries were actually leaked. But since all the bucket counters and chain count were getting messed up, things did start to go bad after a while. (New NAT entries wouldn't be created, for instance.)
The fix is in the ipf_nat_delete function, itself; the other changes are a slight refactoring of one method and adding some comments that helped me figure out how the linked list with pointer-back-pointers worked.
Also note that I haven't looked through the logic in ipf_nat_rehash; it's likely that that might miss some things for the same reason.
I also haven't yet looked into the ipf_nat_newrdr problem with mappings already existing. That'll be next.
|
#
1.7 |
|
20-Dec-2012 |
christos |
- Replace the seemingly broken built-in ipf rbtree implementation with ours.
- Fix typos in comments
- Fix 2 mutex errors
From Geoff Adams
|
Revision tags: yamt-pagecache-base7 yamt-pagecache-base6
|
#
1.6 |
|
30-Jul-2012 |
pgoyette |
branches: 1.6.2;
Make ipf compile even without INET6 support.
Changes have been fed upstream (to darrenr@)
|
#
1.5 |
|
22-Jul-2012 |
darrenr |
ansify new function definition
|
#
1.4 |
|
22-Jul-2012 |
darrenr |
ansify new function definition
|
#
1.3 |
|
22-Jul-2012 |
darrenr |
Merge IPFilter 5.1.2 into HEAD
|
Revision tags: jmcneill-usbmp-base10 yamt-pagecache-base5 jmcneill-usbmp-base9 yamt-pagecache-base4 jmcneill-usbmp-base8
|
#
1.2 |
|
23-Mar-2012 |
christos |
branches: 1.2.2; 1.2.4;
apply our changes.
- prototypes
- ip_h323_pxy.c is missing from the distribution
- original tar distribution is missing <$>Id values in most files
|
#
1.1 |
|
23-Mar-2012 |
christos |
branches: 1.1.1;
Initial revision
|