PF ioctl(DIOCCHANGERULE) NAT -> core dumped
Boris Polevoy
vapcom at mail.ru
Wed Aug 31 14:54:44 GMT 2005
Hello, All!
FreeBSD 5.4-RELEASE:
1) via ioctl(DIOCCHANGERULE), add a NAT rule with a table in the outside pool:
nat on fxp0 inet from <inside> to any -> <out> port 1024:65535 round-robin
2) a ping from the inside network to an outside host crashes the system with a core dump.
After analysing the core dump:
pf_test_icmp()
|
pf_get_translation()
|
pf_get_sport()
|
pf_map_addr()
|
pfr_pool_get(NULL,...)
             ^^^^
Possible problem in function pf_ioctl.c/pfioctl()
switch (cmd) {
case DIOCADDRULE:
    ....
    if (pf_tbladdr_setup(ruleset, &rule->dst.addr))
        error = EINVAL;
    TAILQ_FOREACH(pa, &pf_pabuf, entries)
        if (pf_tbladdr_setup(ruleset, &pa->addr))
            error = EINVAL;
    pf_mv_pool(&pf_pabuf, &rule->rpool.list);
    ....
case DIOCCHANGERULE:
    ....
    if (pf_tbladdr_setup(ruleset, &newrule->dst.addr))
        error = EINVAL;
>>>
    pf_mv_pool(&pf_pabuf, &newrule->rpool.list);
    ....
This case does not have the pf_tbladdr_setup(ruleset, &pa->addr) loop.
After inserting the TAILQ_FOREACH() loop in case DIOCCHANGERULE, the NAT rule works well:
--- pf_ioctl.c Wed Aug 31 17:59:27 2005
+++ pf_ioctl.c-fix Wed Aug 31 17:59:23 2005
@@ -1552,6 +1552,10 @@
if (pf_tbladdr_setup(ruleset, &newrule->dst.addr))
error = EINVAL;
+ TAILQ_FOREACH(pa, &pf_pabuf, entries)
+ if (pf_tbladdr_setup(ruleset, &pa->addr))
+ error = EINVAL;
+
pf_mv_pool(&pf_pabuf, &newrule->rpool.list);
if (((((newrule->action == PF_NAT) ||
(newrule->action == PF_RDR) ||
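Review bot: the added TAILQ_FOREACH loop only records error = EINVAL and then still reaches pf_mv_pool(&pf_pabuf, &newrule->rpool.list) on the next context line, so a pool entry whose pf_tbladdr_setup() failed is moved into newrule unresolved. Please confirm that the error handling after this hunk (not visible here) discards newrule and its pool before the rule can be used, because an unresolved pool table is the state the report traces to pfr_pool_get(NULL,...). As a style point, put braces around the multi-line loop body, and resend the diff with its tabs intact, since the indentation was lost in the mail and the hunk may not apply as posted.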
Is it a bug or not?
With best regards
Boris Polevoy
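
The failure pattern reported above, as an added example that is not part of the original post and not FreeBSD's code: a simplified userland model in which one install path resolves every pool entry's table name to a pointer and the other skips that step. All names (tbladdr_setup, install_rule, resolve_pool, pool_get) are hypothetical, and pool_get returns -1 where the reported kernel path dereferenced the NULL table.

```c
#include <stdio.h>
#include <string.h>

/* Simplified userland model; every name here is hypothetical, not pf's. */
struct table { const char *name; int naddrs; };
struct pool_addr {
    const char *tblname;     /* table name as supplied by the caller */
    struct table *tbl;       /* resolved pointer, NULL until setup runs */
    struct pool_addr *next;
};
static struct table tables[] = { { "out", 4 } };  /* constructed sample */

/* Resolve a table name to a pointer; returns nonzero on failure. */
static int tbladdr_setup(struct pool_addr *pa)
{
    for (size_t i = 0; i < sizeof(tables) / sizeof(tables[0]); i++)
        if (strcmp(tables[i].name, pa->tblname) == 0) {
            pa->tbl = &tables[i];
            return 0;
        }
    return 1;
}

/* Install path: resolve_pool selects whether each pool entry is set up.
 * resolve_pool == 0 models the path that lacks the setup loop. */
static int install_rule(struct pool_addr *pool, int resolve_pool)
{
    int error = 0;
    if (resolve_pool)
        for (struct pool_addr *pa = pool; pa != NULL; pa = pa->next)
            if (tbladdr_setup(pa))
                error = 22;  /* EINVAL */
    return error;
}

/* Packet path: reports -1 for an unresolved table instead of crashing. */
static int pool_get(const struct pool_addr *pa)
{
    return pa->tbl ? pa->tbl->naddrs : -1;
}

int main(void)
{
    struct pool_addr pa = { "out", NULL, NULL };
    install_rule(&pa, 0);
    printf("without pool setup: %d\n", pool_get(&pa));
    install_rule(&pa, 1);
    printf("with pool setup: %d\n", pool_get(&pa));
}
```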