Commit Graph

115 Commits

Author SHA1 Message Date
peter
a3fa0e8e3f Initialize h4 and h6 to NULL.
Fixes a panic reported by Mipam on -current-users.
2006-05-23 22:24:32 +00:00
christos
a75306c3a4 Fix strict aliasing issues and while I am here fix a memory leak on error 2006-05-21 04:30:03 +00:00
elad
fc9422c9d9 integrate kauth. 2006-05-14 21:31:52 +00:00
christos
ca0ec852e6 XXX: GCC uninitialized 2006-05-14 03:40:02 +00:00
martti
0f3d8a43c2 Make sure IPF can correctly pullup short headers. Patch received from
darrenr@. This fixes kern/33423.
2006-05-11 07:37:09 +00:00
mrg
84ab62db88 quell GCC 4.1 uninitialised variable warnings.
XXX: we should audit the tree for which old ones are no longer needed
after getting the older compilers out of the tree..
2006-05-11 01:08:38 +00:00
mrg
1e7e4f5c0c caddr_t -> u_char *, to match the variable type 2006-05-11 01:08:19 +00:00
mrg
5755809507 - include <sys/selinfo.h> on BSD, for ipfselwait[].
- mask off the bits that don't fit in IP_HL_A().
2006-05-11 01:07:01 +00:00
mrg
084c052803 quell GCC 4.1 uninitialised variable warnings.
XXX: we should audit the tree for which old ones are no longer needed
after getting the older compilers out of the tree..
2006-05-10 21:53:14 +00:00
darrenr
0df9b5fe68 ipf -Z returns junk and/or can cause a panic (seen on solaris.) 2006-04-18 12:40:49 +00:00
darrenr
b817a6b4f0 This change corrects what 1.6 tried to do. This feels like a coverity fix
for a code path that should never actually happen (fr_newauth() should only
be called for auth rules - i.e. when fin_fr != NULL.  If it is possible to
call fr_newauth() with fin_fr == NULL then this change introduces a
regression compared to prior importing of 4.1.13.
2006-04-15 13:58:43 +00:00
garbled
2355e5cd00 Fix a typo. fin->fin->fr should be fin->fin_fr 2006-04-14 04:32:26 +00:00
christos
0a1c2ab0b8 Coverity CID 2855: If fin->fin_fr is NULL, return 0, don't crash. 2006-04-13 18:59:58 +00:00
kochi
62f4a841c7 Fix return without free (resource leakage).
Detected by Coverity (CID 2309).
2006-04-13 08:43:17 +00:00
kochi
656c03f555 This is better fix than the previous commit for
saner cleanup path.
2006-04-13 07:31:29 +00:00
kochi
691e781111 Fix usage after free of NextWalkState.
Closes Coverity CID 2672 and this is reported to intel people.
2006-04-13 07:21:20 +00:00
cube
7db196715b Protect config(1)-generated include files inclusion with
#ifdef _KERNEL_OPT.  ACPI-CA might be used by standalone code in the
future.  Suggested by cherry@.
2006-04-07 13:49:20 +00:00
martti
7967220333 Removed BROKEN_TCP_WINDOW_CHECK hack. 2006-04-04 16:19:05 +00:00
martti
9ea58d54bc Upgraded IPFilter to 4.1.13 2006-04-04 16:17:18 +00:00
kochi
ec7315b11c Moved from sys/dev/acpi/acpica/Subsystem.
suggested by cube.
2006-03-23 13:36:31 +00:00
christos
5a57baa413 don't use MALLOC with a non-constant size; use malloc instead. 2006-03-17 23:29:07 +00:00
lukem
a1f606d3fd Use the SI capitalization for "Hz", "kHz", and "MHz" in comments and strings.
Add a space between numbers and Hz unit.
2006-03-08 23:46:22 +00:00
peter
8f83cde4e3 Fix TCP/UDP checksum handling as pointed out by Daniel Hartmeier in:
http://mail-index.netbsd.org/tech-net/2006/01/21/0000.html.

Problem reported and patch tested by der Mouse & Nino Dehne (PR/32874).
2006-02-19 12:15:33 +00:00
rpaulo
99513cfd59 In pf_socket_lookup() fix copy & paste problem when in6_pcblookup_bind()
returns NULL.
2006-02-07 22:53:03 +00:00
peter
10f6d07582 apply a fix from OpenBSD:
> revision 1.104
> date: 2006/01/18 22:03:21;  author: dhartmei;  state: Exp;  lines: +2 -2
> fix a bug in the fragment cache (used for 'scrub fragment crop/drop-ovl',
> but not 'fragment reassemble'), which can cause some fragments to get
> inserted into the cache twice, thereby violating an invariant, and panic-
> ing the system subsequently. ok deraadt@
2006-01-25 10:45:20 +00:00
peter
5d1968b1c0 Include netinet/in.h, for compatibility with OpenBSD (we #ifdef'ed out a
header which includes netinet/in.h on OpenBSD).

Pointed out by Thomas E. Spanjaard.
No objection from yamt@.
2006-01-17 12:24:53 +00:00
christos
97dec287fc make the kernel link without options INET.
XXX: this is of dubious use.
2005-12-28 09:29:48 +00:00
christos
08e11b2039 make this compile with no INET options. 2005-12-28 09:05:54 +00:00
christos
95e1ffb156 merge ktrace-lwp. 2005-12-11 12:16:03 +00:00
christos
a751ffb4fe Adjust for icmp_error signature. 2005-10-23 19:40:20 +00:00
yamt
3a2482b78f fr_check_wrapper6: handle M_CSUM_TCPv6|M_CSUM_UDPv6. 2005-08-11 13:01:38 +00:00
yamt
bbfb2033ff pfil6_wrapper: handle M_CSUM_TCPv6|M_CSUM_UDPv6. 2005-08-11 13:01:24 +00:00
yamt
d6d72a6dc9 wrap INET only code by #if defined(INET). (in __NetBSD__ part) 2005-08-06 11:22:39 +00:00
peter
84fa01a154 pf_test() can set *mp to NULL, check for this before de-referencing it.
From Akihiro Sagawa in PR/30835.
2005-07-26 13:09:23 +00:00
christos
b132d4d5fd Fix typo 2005-07-10 09:22:56 +00:00
christos
4a35068121 Small correction to skd's patch from darren. 2005-07-10 05:49:38 +00:00
christos
20dd96aff1 Don't drop fragments that are smalled than the ip header size. From skd 2005-07-09 14:51:11 +00:00
peter
9710741485 Resolve conflicts (pf from OpenBSD 3.7, kernel part). 2005-07-01 12:37:34 +00:00
lukem
fd8956d5fa Use an "XXXGCC -Wuninitalized" style that is consistent with that used
elsewhere in the tree.
2005-06-15 01:48:20 +00:00
jmc
6724401235 Cleanup XXGCC in a few places to make it easier to see. 2005-06-14 21:20:30 +00:00
jmc
c3073778d2 Fix unitialized warnings that only crop up on m68k. XXGCC taggedd 2005-06-13 20:33:53 +00:00
darrenr
4e1ba8b46a bin/29508 - fix "ipf -T" - kernel wasn't setting ipft_cookie and userland
was expecting it to be set, thus ignored it.
bin/29509 - because ipft_cookie wasn't reset to 0 before making the ioctl
call for each variable, only the first name to find was used, each successive
call just used the cookie.
CVn: ----------------------------------------------------------------------
2005-06-11 12:31:40 +00:00
darrenr
e5f523e30c Using USE_SPL should be done after the last place it is defined. 2005-06-11 12:12:59 +00:00
darrenr
486aaa2c70 kern/30082 - fr_check() is missing SPL_NET() macros for non-mutex using
platforms, allowing it to be preempted and restarted in an inconsistent
state.
2005-06-11 11:25:28 +00:00
yamt
656adb750b pf_reassemble: clear stale csum_flags. 2005-06-08 11:50:46 +00:00
christos
f9aeac0ab7 - sprinkle const
- avoid variable shadowing.
2005-05-29 21:57:49 +00:00
christos
966656bbac more fallout from so_uid -> so_uidinfo. 2005-05-07 19:59:56 +00:00
martti
58b8abcbf8 Upgraded IPFilter to 4.1.8 2005-04-03 15:05:30 +00:00
martti
c775aec128 Import IPFilter 4.1.8 2005-04-03 15:01:04 +00:00
christos
3136f75efa defopt IPFILTER_DEFAULT_BLOCK 2005-03-26 18:08:42 +00:00