OpenBSD CVS

CVS log for src/sys/net/pf.c




Default branch: MAIN
Current tag: OPENBSD_3_5


Revision 1.433.2.8, Sat Feb 19 22:47:44 2005 UTC (19 years, 3 months ago) by brad
Branch: OPENBSD_3_5
Changes since 1.433.2.7: +2 -2 lines

MFC:
Fix by dhartmei@

Use the packet's address family instead of the rule's when selecting a
replacement address for an rdr rule. Some rdr rules have no address family
(when the replacement is a table and no other criterion implies one AF).
In this case, pf would fail to select a replacement address and drop the
packet due to translation failure. Found by Gustavo A. Baratto.

ok deraadt@ dhartmei@

Revision 1.433.2.7, Thu Jan 6 14:15:43 2005 UTC (19 years, 5 months ago) by brad
Branch: OPENBSD_3_5
Changes since 1.433.2.6: +4 -4 lines

MFC:
Fix by dhartmei@

ICMP state entries use the ICMP ID as port for the unique state key. When
checking for a usable key, construct the key in the same way. Otherwise,
a colliding key might be missed or a state insertion might be refused even
though it could be inserted. The second case triggers the endless loop
fixed by 1.474, possibly allowing a NATed LAN client to lock up the kernel.
Report and test data by Srebrenko Sehic.

ok deraadt@

Revision 1.433.2.6, Sun Dec 19 18:52:27 2004 UTC (19 years, 5 months ago) by brad
Branch: OPENBSD_3_5
Changes since 1.433.2.5: +7 -4 lines

MFC:
Fix by dhartmei@

IPv6 packets can contain headers (like options) before the TCP/UDP/ICMP6
header. pf finds the first TCP/UDP/ICMP6 header to filter by traversing
the header chain. In the case where headers are skipped, the protocol
checksum verification used the wrong length (included the skipped headers),
leading to incorrectly mismatching checksums. Such IPv6 packets with
headers were silently dropped. Reported by Bernhard Schmidt.

ok deraadt@ dhartmei@ mcbride@

Revision 1.433.2.5, Thu Dec 16 02:05:39 2004 UTC (19 years, 6 months ago) by brad
Branch: OPENBSD_3_5
Changes since 1.433.2.4: +3 -1 lines

MFC:
Fix by mcbride@

Initialise init_addr in pf_map_addr() in the PF_POOL_ROUNDROBIN,
prevents a possible endless loop in pf_get_sport() with 'static-port'

Reported by adm at celeritystorm dot com in FreeBSD PR74930, debugging
by dhartmei@

ok mcbride@ dhartmei@ deraadt@ henning@

Revision 1.433.2.4, Sun Nov 28 19:55:33 2004 UTC (19 years, 6 months ago) by brad
Branch: OPENBSD_3_5
Changes since 1.433.2.3: +2 -2 lines

MFC:
Fix by dhartmei@

fix a bug that leads to a crash when binat rules of the form
'binat from ... to ... -> (if)' are used, where the interface
is dynamic. reported by kos(at)bastard(dot)net, analyzed by
Pyun YongHyeon

ok deraadt@

Revision 1.433.2.3, Sat Nov 13 23:24:37 2004 UTC (19 years, 7 months ago) by brad
Branch: OPENBSD_3_5
Changes since 1.433.2.2: +4 -11 lines

MFC:
Fix by dhartmei@

For RST generated due to state mismatch during handshake, don't set
th_flags TH_ACK and leave th_ack 0, just like the RST generated by
the stack in this case. Fixes the Raptor workaround.

ok deraadt@ dhartmei@

Revision 1.433.2.2, Sat Jul 17 03:22:34 2004 UTC (19 years, 11 months ago) by brad
Branch: OPENBSD_3_5
Changes since 1.433.2.1: +53 -42 lines

MFC:
Fix by dhartmei@

change pf_route() loop detection: introduce a counter (number of times
a packet is routed already) in the mbuf tag, allow at most four times.
Fixes some legitimate cases broken by the previous change.

ok deraadt@ dhartmei@

Revision 1.433.2.1, Fri Apr 30 21:46:33 2004 UTC (20 years, 1 month ago) by brad
Branch: OPENBSD_3_5
Changes since 1.433: +8 -11 lines

MFC:
Fix by dhartmei@

prevent an endless loop with route-to lo0, fixes PR 3736

ok deraadt@ dhartmei@

Revision 1.433, Fri Mar 26 22:20:57 2004 UTC (20 years, 2 months ago) by dhartmei
Branch: MAIN
CVS Tags: OPENBSD_3_5_BASE
Branch point for: OPENBSD_3_5
Changes since 1.432: +9 -4 lines

Properly m_copyback() modified TCP sequence number after demodulation
ok mcbride@, henning@, cedric@, deraadt@
