svn commit: r341998 - head/sys/netpfil/pf

Kristof Provost kp at FreeBSD.org
Wed Dec 12 20:15:07 UTC 2018 

Author: kp
Date: Wed Dec 12 20:15:06 2018
New Revision: 341998
URL: https://svnweb.freebsd.org/changeset/base/341998

Log:
  pf: Fix endless loop on NAT exhaustion with sticky-address
  
  When we try to find a source port in pf_get_sport() it's possible that
  all available source ports will be in use. In that case we call
  pf_map_addr() to try to find a new source IP to try from. If there are
  no more available source IPs pf_map_addr() will return 1 and we stop
  trying.
  
  However, if sticky-address is set we'll always return the same IP
  address, even if we've already tried that one.
  We need to check the supplied address, because if that's the one we'd
  set it means pf_get_sport() has already tried it, and we should error
  out rather than keep trying.
  
  PR:		233867
  MFC after:	2 weeks
  Differential Revision:	https://reviews.freebsd.org/D18483

Modified:
  head/sys/netpfil/pf/pf.c
  head/sys/netpfil/pf/pf_lb.c

Modified: head/sys/netpfil/pf/pf.c
==============================================================================
--- head/sys/netpfil/pf/pf.c	Wed Dec 12 19:58:54 2018	(r341997)
+++ head/sys/netpfil/pf/pf.c	Wed Dec 12 20:15:06 2018	(r341998)
@@ -5513,6 +5513,8 @@ pf_route(struct mbuf **m, struct pf_rule *r, int dir, 
 	dst.sin_len = sizeof(dst);
 	dst.sin_addr = ip->ip_dst;
 
+	bzero(&naddr, sizeof(naddr));
+
 	if (TAILQ_EMPTY(&r->rpool.list)) {
 		DPFPRINTF(PF_DEBUG_URGENT,
 		    ("%s: TAILQ_EMPTY(&r->rpool.list)\n", __func__));
@@ -5671,6 +5673,8 @@ pf_route6(struct mbuf **m, struct pf_rule *r, int dir,
 	dst.sin6_family = AF_INET6;
 	dst.sin6_len = sizeof(dst);
 	dst.sin6_addr = ip6->ip6_dst;
+
+	bzero(&naddr, sizeof(naddr));
 
 	if (TAILQ_EMPTY(&r->rpool.list)) {
 		DPFPRINTF(PF_DEBUG_URGENT,

Modified: head/sys/netpfil/pf/pf_lb.c
==============================================================================
--- head/sys/netpfil/pf/pf_lb.c	Wed Dec 12 19:58:54 2018	(r341997)
+++ head/sys/netpfil/pf/pf_lb.c	Wed Dec 12 20:15:06 2018	(r341998)
@@ -328,6 +328,12 @@ pf_map_addr(sa_family_t af, struct pf_rule *r, struct 
 	   src node was created just a moment ago in pf_create_state and it
 	   needs to be filled in with routing decision calculated here. */
 	if (*sn != NULL && !PF_AZERO(&(*sn)->raddr, af)) {
+		/* If the supplied address is the same as the current one we've
+		 * been asked before, so tell the caller that there's no other
+		 * address to be had. */
+		if (PF_AEQ(naddr, &(*sn)->raddr, af))
+			return (1);
+
 		PF_ACPY(naddr, &(*sn)->raddr, af);
 		if (V_pf_status.debug >= PF_DEBUG_MISC) {
 			printf("pf_map_addr: src tracking maps ");

More information about the svn-src-all mailing list