Commit Graph

102 Commits

Author SHA1 Message Date
kochi
62f4a841c7 Fix return without free (resource leakage).
Detected by Coverity (CID 2309).
2006-04-13 08:43:17 +00:00
kochi
656c03f555 This is better fix than the previous commit for
saner cleanup path.
2006-04-13 07:31:29 +00:00
kochi
691e781111 Fix usage after free of NextWalkState.
Closes Coverity CID 2672 and this is reported to intel people.
2006-04-13 07:21:20 +00:00
cube
7db196715b Protect config(1)-generated include files inclusion with
#ifdef _KERNEL_OPT.  ACPI-CA might be used by standalone code in the
future.  Suggested by cherry@.
2006-04-07 13:49:20 +00:00
martti
7967220333 Removed BROKEN_TCP_WINDOW_CHECK hack. 2006-04-04 16:19:05 +00:00
martti
9ea58d54bc Upgraded IPFilter to 4.1.13 2006-04-04 16:17:18 +00:00
kochi
ec7315b11c Moved from sys/dev/acpi/acpica/Subsystem.
suggested by cube.
2006-03-23 13:36:31 +00:00
christos
5a57baa413 don't use MALLOC with a non-constant size; use malloc instead. 2006-03-17 23:29:07 +00:00
lukem
a1f606d3fd Use the SI capitalization for "Hz", "kHz", and "MHz" in comments and strings.
Add a space between numbers and Hz unit.
2006-03-08 23:46:22 +00:00
peter
8f83cde4e3 Fix TCP/UDP checksum handling as pointed out by Daniel Hartmeier in:
http://mail-index.netbsd.org/tech-net/2006/01/21/0000.html.

Problem reported and patch tested by der Mouse & Nino Dehne (PR/32874).
2006-02-19 12:15:33 +00:00
rpaulo
99513cfd59 In pf_socket_lookup() fix copy & paste problem when in6_pcblookup_bind()
returns NULL.
2006-02-07 22:53:03 +00:00
peter
10f6d07582 apply a fix from OpenBSD:
> revision 1.104
> date: 2006/01/18 22:03:21;  author: dhartmei;  state: Exp;  lines: +2 -2
> fix a bug in the fragment cache (used for 'scrub fragment crop/drop-ovl',
> but not 'fragment reassemble'), which can cause some fragments to get
> inserted into the cache twice, thereby violating an invariant, and panic-
> ing the system subsequently. ok deraadt@
2006-01-25 10:45:20 +00:00
peter
5d1968b1c0 Include netinet/in.h, for compatibility with OpenBSD (we #ifdef'ed out a
header which includes netinet/in.h on OpenBSD).

Pointed out by Thomas E. Spanjaard.
No objection from yamt@.
2006-01-17 12:24:53 +00:00
christos
97dec287fc make the kernel link without options INET.
XXX: this is of dubious use.
2005-12-28 09:29:48 +00:00
christos
08e11b2039 make this compile with no INET options. 2005-12-28 09:05:54 +00:00
christos
95e1ffb156 merge ktrace-lwp. 2005-12-11 12:16:03 +00:00
christos
a751ffb4fe Adjust for icmp_error signature. 2005-10-23 19:40:20 +00:00
yamt
3a2482b78f fr_check_wrapper6: handle M_CSUM_TCPv6|M_CSUM_UDPv6. 2005-08-11 13:01:38 +00:00
yamt
bbfb2033ff pfil6_wrapper: handle M_CSUM_TCPv6|M_CSUM_UDPv6. 2005-08-11 13:01:24 +00:00
yamt
d6d72a6dc9 wrap INET only code by #if defined(INET). (in __NetBSD__ part) 2005-08-06 11:22:39 +00:00
peter
84fa01a154 pf_test() can set *mp to NULL, check for this before de-referencing it.
From Akihiro Sagawa in PR/30835.
2005-07-26 13:09:23 +00:00
christos
b132d4d5fd Fix typo 2005-07-10 09:22:56 +00:00
christos
4a35068121 Small correction to skd's patch from darren. 2005-07-10 05:49:38 +00:00
christos
20dd96aff1 Don't drop fragments that are smalled than the ip header size. From skd 2005-07-09 14:51:11 +00:00
peter
9710741485 Resolve conflicts (pf from OpenBSD 3.7, kernel part). 2005-07-01 12:37:34 +00:00
lukem
fd8956d5fa Use an "XXXGCC -Wuninitalized" style that is consistent with that used
elsewhere in the tree.
2005-06-15 01:48:20 +00:00
jmc
6724401235 Cleanup XXGCC in a few places to make it easier to see. 2005-06-14 21:20:30 +00:00
jmc
c3073778d2 Fix unitialized warnings that only crop up on m68k. XXGCC taggedd 2005-06-13 20:33:53 +00:00
darrenr
4e1ba8b46a bin/29508 - fix "ipf -T" - kernel wasn't setting ipft_cookie and userland
was expecting it to be set, thus ignored it.
bin/29509 - because ipft_cookie wasn't reset to 0 before making the ioctl
call for each variable, only the first name to find was used, each successive
call just used the cookie.
CVn: ----------------------------------------------------------------------
2005-06-11 12:31:40 +00:00
darrenr
e5f523e30c Using USE_SPL should be done after the last place it is defined. 2005-06-11 12:12:59 +00:00
darrenr
486aaa2c70 kern/30082 - fr_check() is missing SPL_NET() macros for non-mutex using
platforms, allowing it to be preempted and restarted in an inconsistent
state.
2005-06-11 11:25:28 +00:00
yamt
656adb750b pf_reassemble: clear stale csum_flags. 2005-06-08 11:50:46 +00:00
christos
f9aeac0ab7 - sprinkle const
- avoid variable shadowing.
2005-05-29 21:57:49 +00:00
christos
966656bbac more fallout from so_uid -> so_uidinfo. 2005-05-07 19:59:56 +00:00
martti
58b8abcbf8 Upgraded IPFilter to 4.1.8 2005-04-03 15:05:30 +00:00
martti
c775aec128 Import IPFilter 4.1.8 2005-04-03 15:01:04 +00:00
christos
3136f75efa defopt IPFILTER_DEFAULT_BLOCK 2005-03-26 18:08:42 +00:00
peter
851064ccf9 Fix a GCC warning when compiling on evbppc.
From FUKAUMI Naoki in PR #29669.
2005-03-15 18:08:59 +00:00
hannken
4e0e09fd14 frpr_udpcommon() failed to handle fragmented packets. Packets with less than
8 bytes of data were dropped.

- If the packet is a fragment, return. There is no UDP header in this case.
- Don't set the FI_SHORT flag. Already tested in `frpr_short()'.
- Remove unneeded test `!fin->fin_off'.

Approved by: Christos Zoulas <christos@netbsd.org>
2005-03-07 13:59:30 +00:00
christos
2a8316cc91 Add a change lost in the transition from 4.1.3->4.1.6. Don't block packets
for which we cannot add state. Explanation in the code. Fixes PR/29560.
2005-03-01 13:41:43 +00:00
itojun
57eaa97695 with IPv6 intermediate host will not perform PMTUD. ip6_getpmtu() is for
end node cases, so do not use it.
2005-02-28 09:26:36 +00:00
martin
65c3e91025 When we call m_makewritable() the mbuf might be copied - so don't use
stale mtod()'d pointers from before.
2005-02-21 22:01:52 +00:00
martti
460bbcc960 Upgraded IPFilter to 4.1.6 2005-02-19 21:30:24 +00:00
martti
76b5d9e30f Import IPFilter 4.1.6 2005-02-19 21:26:02 +00:00
christos
a05a0bbcb8 Deal with possibly uninitialized variable, and tidy up a bit. 2005-02-17 04:14:31 +00:00
christos
9606238d80 There were more broken things aside from the __'s missing. 2005-02-17 03:12:36 +00:00
christos
0a15d30196 Don't forget the trailing __'s in NetBSD Version. Should fix PR/29407. 2005-02-17 02:26:51 +00:00
peter
41ea7e91a7 Merge in a fix from OPENBSD_3_6.
ok yamt@

> MFC:
> Fix by dhartmei@
>
> replace finer-grained spl locking in pfioctl() with a single broad lock
> around the entire body. this resolves the (misleading) panics in
> pf_tag_packet() during heavy ioctl operations (like when using authpf)
> that occur because softclock can interrupt ioctl on i386 since SMP.
> patch from camield@.
2005-02-14 21:28:33 +00:00
peter
1b4e743b06 Merge in a fix from OPENBSD_3_6.
ok yamt@

> MFC:
> Fix by dhartmei@
>
> ICMP state entries use the ICMP ID as port for the unique state key. When
> checking for a usable key, construct the key in the same way. Otherwise,
> a colliding key might be missed or a state insertion might be refused even
> though it could be inserted. The second case triggers the endless loop
> fixed by 1.474, possibly allowing a NATed LAN client to lock up the kernel.
> Report and test data by Srebrenko Sehic.
2005-02-14 21:27:26 +00:00
christos
1b198d8f16 size_t should be cast'ed to unsigned long. 2005-02-09 23:42:30 +00:00