1
0
mirror of https://git.FreeBSD.org/src.git synced 2024-12-26 11:47:31 +00:00
freebsd/sys/netpfil/pf
Gleb Smirnoff 8fc6e19c2c Merge 1.12 of pf_lb.c from OpenBSD, with some changes. Original commit:
date: 2010/02/04 14:10:12;  author: sthen;  state: Exp;  lines: +24 -19;
  pf_get_sport() picks a random port from the port range specified in a
  nat rule. It should check to see if it's in-use (i.e. matches an existing
  PF state), if it is, it cycles sequentially through other ports until
  it finds a free one. However the check was being done with the state
  keys the wrong way round so it was never actually finding the state
  to be in-use.

  - switch the keys to correct this, avoiding random state collisions
  with nat. Fixes PR 6300 and problems reported by robert@ and viq.

  - check pf_get_sport() return code in pf_test(); if port allocation
  fails the packet should be dropped rather than sent out untranslated.

  Help/ok claudio@.

Some additional changes to 1.12:

- We also need to bzero() the key to zero padding, otherwise key
  won't match.
- Collapse two if blocks into one with ||, since both conditions
  lead to the same processing.
- Only naddr changes in the cycle, so move initialization of other
  fields above the cycle.
- s/u_intXX_t/uintXX_t/g

PR:		kern/181690
Submitted by:	Olivier Cochard-Labbé <olivier cochard.me>
Sponsored by:	Nginx, Inc.
2013-09-02 10:14:25 +00:00
..
if_pflog.c Add const qualifier to the dst parameter of the ifnet if_output method. 2013-04-26 12:50:32 +00:00
if_pfsync.c Fix a possible NULL-pointer dereference on the pfsync(4) reconfiguration. 2013-07-29 13:17:18 +00:00
in4_cksum.c
pf_if.c In netpfil/pf: 2012-12-28 09:19:49 +00:00
pf_ioctl.c Fix DIOCADDSTATE operation. 2013-05-11 17:58:26 +00:00
pf_lb.c Merge 1.12 of pf_lb.c from OpenBSD, with some changes. Original commit: 2013-09-02 10:14:25 +00:00
pf_norm.c In netpfil/pf: 2012-12-28 09:19:49 +00:00
pf_osfp.c In netpfil/pf: 2012-12-28 09:19:49 +00:00
pf_ruleset.c In netpfil/pf: 2012-12-28 09:19:49 +00:00
pf_table.c In netpfil/pf: 2012-12-28 09:19:49 +00:00
pf.c Add m_clrprotoflags() to clear protocol specific mbuf flags at up and 2013-08-19 13:27:32 +00:00