svn commit: r338047 - head/sys/contrib/ipfilter/netinet

Cy Schubert cy at FreeBSD.org
Sun Aug 19 13:45:04 UTC 2018


Author: cy
Date: Sun Aug 19 13:45:03 2018
New Revision: 338047
URL: https://svnweb.freebsd.org/changeset/base/338047

Log:
  The bucket index is subtracted by one at lines 2304 and 2314.  When 0 it
  becomes -1, except these are unsigned integers, so they become very large
  numbers. Thus they are always larger than the maximum bucket; the hash table
  insertion fails causing NAT to fail.
  
  This commit ensures that if the index is already zero it is not reduced
  prior to insertion into the hash table.
  
  PR:		208566

Modified:
  head/sys/contrib/ipfilter/netinet/ip_nat.c

Modified: head/sys/contrib/ipfilter/netinet/ip_nat.c
==============================================================================
--- head/sys/contrib/ipfilter/netinet/ip_nat.c	Sun Aug 19 13:44:59 2018	(r338046)
+++ head/sys/contrib/ipfilter/netinet/ip_nat.c	Sun Aug 19 13:45:03 2018	(r338047)
@@ -2304,14 +2304,16 @@ ipf_nat_delete(softc, nat, logtype)
 
 		bkt = nat->nat_hv[0] % softn->ipf_nat_table_sz;
 		nss = &softn->ipf_nat_stats.ns_side[0];
-		nss->ns_bucketlen[bkt]--;
+		if (nss->ns_bucketlen[bkt] > 0)
+			nss->ns_bucketlen[bkt]--;
 		if (nss->ns_bucketlen[bkt] == 0) {
 			nss->ns_inuse--;
 		}
 
 		bkt = nat->nat_hv[1] % softn->ipf_nat_table_sz;
 		nss = &softn->ipf_nat_stats.ns_side[1];
-		nss->ns_bucketlen[bkt]--;
+		if (nss->ns_bucketlen[bkt] > 0)
+			nss->ns_bucketlen[bkt]--;
 		if (nss->ns_bucketlen[bkt] == 0) {
 			nss->ns_inuse--;
 		}
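Review bot: In both guarded blocks, the unchanged `if (nss->ns_bucketlen[bkt] == 0) { nss->ns_inuse--; }` still runs when the new guard skips the decrement. A bucket whose length was already 0 therefore still reduces `ns_inuse`, once per side. If `ns_inuse` is unsigned like the bucket lengths (its type is not visible in this hunk), it can wrap the same way the log describes. Consider nesting the in-use accounting inside the guard, so that `ns_inuse--` only happens when this delete actually took the bucket from 1 to 0: `if (nss->ns_bucketlen[bkt] > 0) { if (--nss->ns_bucketlen[bkt] == 0) nss->ns_inuse--; }`. Separately, a length of 0 at delete time means an insert and delete were not paired somewhere. The guard hides that imbalance, so a short comment or a debug counter at these two sites would keep the underlying accounting bug visible. The log also calls the decremented value the "bucket index", while the code decrements the per-bucket length counter `ns_bucketlen[bkt]`; a comment in the code naming the counter would avoid that confusion.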

