cvs commit: src/sys/net pfil.c pfil.h
src/sys/netinet ip_fastfwd.c
ip_fw2.c ip_input.c ip_output.c src/sys/netinet6 ip6_forward.c ip6_input.c
ip6_output.c
Christian S.J. Peron
csjp at FreeBSD.org
Thu Feb 2 08:55:48 PST 2006
Michal Mertl wrote:
>Christian S.J. Peron wrote:
>
>
>>csjp 2006-02-02 03:13:16 UTC
>>
>> FreeBSD src repository
>>
>> Modified files:
>> sys/net pfil.c pfil.h
>> sys/netinet ip_fastfwd.c ip_fw2.c ip_input.c
>> ip_output.c
>> sys/netinet6 ip6_forward.c ip6_input.c ip6_output.c
>> Log:
>>....
>>
>>
>
>I think you broke if_bridge(4) and also debug kernel build. Patches for
>both bugs are attached.
>
>
>Michal
>
>
>------------------------------------------------------------------------
>
>Index: if_bridge.c
>===================================================================
>RCS file: /home/fcvs/cvs/src/sys/net/if_bridge.c,v
>retrieving revision 1.52
>diff -u -r1.52 if_bridge.c
>--- if_bridge.c 31 Jan 2006 21:21:28 -0000 1.52
>+++ if_bridge.c 2 Feb 2006 12:30:37 -0000
>@@ -1531,9 +1531,9 @@
> return;
> }
>
>- if (inet_pfil_hook.ph_busy_count >= 0
>+ if (PFIL_HOOKED(&inet_pfil_hook)
> #ifdef INET6
>- || inet6_pfil_hook.ph_busy_count >= 0
>+ || PFIL_HOOKED(&inet6_pfil_hook)
> #endif
> ) {
> if (bridge_pfil(&m, sc->sc_ifp, ifp, PFIL_OUT) != 0)
>@@ -1800,9 +1800,9 @@
> }
>
> /* run the packet filter */
>- if (inet_pfil_hook.ph_busy_count >= 0
>+ if (PFIL_HOOKED(&inet_pfil_hook)
> #ifdef INET6
>- || inet6_pfil_hook.ph_busy_count >= 0
>+ || PFIL_HOOKED(&inet6_pfil_hook)
> #endif
> ) {
> BRIDGE_UNLOCK(sc);
>@@ -1857,9 +1857,9 @@
>
> BRIDGE_UNLOCK(sc);
>
>- if (inet_pfil_hook.ph_busy_count >= 0
>+ if (PFIL_HOOKED(&inet_pfil_hook)
> #ifdef INET6
>- || inet6_pfil_hook.ph_busy_count >= 0
>+ || PFIL_HOOKED(&inet6_pfil_hook)
> #endif
> ) {
> if (bridge_pfil(&m, sc->sc_ifp, dst_if, PFIL_OUT) != 0)
>@@ -2055,9 +2055,10 @@
> }
>
> /* Filter on the bridge interface before broadcasting */
>- if (runfilt && (inet_pfil_hook.ph_busy_count >= 0
>+ if (runfilt &&
>+ (PFIL_HOOKED(&inet_pfil_hook)
> #ifdef INET6
>- || inet6_pfil_hook.ph_busy_count >= 0
>+ || PFIL_HOOKED(&inet6_pfil_hook)
> #endif
> )) {
> if (bridge_pfil(&m, sc->sc_ifp, NULL, PFIL_OUT) != 0)
>@@ -2102,9 +2103,10 @@
> * pointer so we do not redundantly filter on the bridge for
> * each interface we broadcast on.
> */
>- if (runfilt && (inet_pfil_hook.ph_busy_count >= 0
>+ if (runfilt &&
>+ (PFIL_HOOKED(&inet_pfil_hook)
> #ifdef INET6
>- || inet6_pfil_hook.ph_busy_count >= 0
>+ || PFIL_HOOKED(&inet6_pfil_hook)
> #endif
> )) {
> if (bridge_pfil(&mc, NULL, dst_if, PFIL_OUT) != 0)
>
>
>------------------------------------------------------------------------
>
>Index: ip_fw2.c
>===================================================================
>RCS file: /home/fcvs/cvs/src/sys/netinet/ip_fw2.c,v
>retrieving revision 1.125
>diff -u -r1.125 ip_fw2.c
>--- ip_fw2.c 2 Feb 2006 03:13:15 -0000 1.125
>+++ ip_fw2.c 2 Feb 2006 13:06:31 -0000
>@@ -1,5 +1,5 @@
> /*-
>- * Copyright (c) 2002 Luigi Rizzo, Universita` di Pisa
>+ * cOPYright (c) 2002 Luigi Rizzo, Universita` di Pisa
> *
> * Redistribution and use in source and binary forms, with or without
> * modification, are permitted provided that the following conditions
>@@ -139,7 +139,7 @@
> rw_init(&(_chain)->rwmtx, "IPFW static rules")
> #define IPFW_LOCK_DESTROY(_chain) rw_destroy(&(_chain)->rwmtx)
> #define IPFW_WLOCK_ASSERT(_chain) do { \
>- rw_assert(rw, RA_WLOCKED); \
>+ rw_assert(&(_chain)->rwmtx, RA_WLOCKED); \
> NET_ASSERT_GIANT(); \
> } while (0)
>
>
>
I must have missed the bridge stuff when I committed the PFIL_HOOKED
macros, sorry for the inconvinience!
--
Christian S.J. Peron
csjp at FreeBSD.ORG
FreeBSD Committer
FreeBSD Security Team
More information about the cvs-all
mailing list