NetBSD-Bugs archive


Re: kern/59615: NPF seems to block all traffic with a HEAD (11.99.x) kernel and netbsd-10 userland



Hi Leot,

I’m closing this PR.

I’m committing this patch.

Index: sys/net/npf/npf.h
===================================================================
RCS file: /cvsroot/src/sys/net/npf/npf.h,v
retrieving revision 1.67
diff -u -r1.67 npf.h
--- sys/net/npf/npf.h	1 Jul 2025 18:42:37 -0000	1.67
+++ sys/net/npf/npf.h	6 Oct 2025 18:13:26 -0000
@@ -355,11 +355,9 @@
 	NPF_STAT_PASS_DEFAULT,
 	NPF_STAT_PASS_RULESET,
 	NPF_STAT_PASS_CONN,
-	NPF_ETHER_STAT_PASS,
 	/* Packets blocked. */
 	NPF_STAT_BLOCK_DEFAULT,
 	NPF_STAT_BLOCK_RULESET,
-	NPF_ETHER_STAT_BLOCK,
 	/* Connection and NAT entries. */
 	NPF_STAT_CONN_CREATE,
 	NPF_STAT_CONN_DESTROY,
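Review bot: removing NPF_ETHER_STAT_PASS and NPF_ETHER_STAT_BLOCK from the middle of npf_stats_t renumbers every enumerator after them (NPF_STAT_BLOCK_DEFAULT onward); that is what puts the pre-existing counters back at the indices a userland built against the netbsd-10 header expects, but nothing in the header records the constraint. Add a comment at the top of the enum, e.g. `/* Statistics indices are shared with userland: append new entries before NPF_STATS_COUNT, never insert. */`, so the next addition does not reintroduce the same mismatch.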
@@ -382,6 +380,9 @@
 	/* nbuf non-contiguous cases. */
 	NPF_STAT_NBUF_NONCONTIG,
 	NPF_STAT_NBUF_CONTIG_FAIL,
+	/* layer 2 statistics */
+	NPF_ETHER_STAT_PASS,
+	NPF_ETHER_STAT_BLOCK,
 	/* Count (last). */
 	NPF_STATS_COUNT
 } npf_stats_t;
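Review bot: the new comment `/* layer 2 statistics */` does not follow the style of its neighbours (`/* Packets blocked. */`, `/* Count (last). */`), which are capitalised sentences ending in a period; use `/* Layer 2 statistics. */`. Appending directly before NPF_STATS_COUNT is the right place, since every earlier enumerator keeps its value and only the count grows; the comment is also a good spot to state that this ordering is deliberate.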
Index: sys/net/npf/npf_ruleset.c
===================================================================
RCS file: /cvsroot/src/sys/net/npf/npf_ruleset.c,v
retrieving revision 1.56
diff -u -r1.56 npf_ruleset.c
--- sys/net/npf/npf_ruleset.c	1 Jul 2025 18:42:37 -0000	1.56
+++ sys/net/npf/npf_ruleset.c	6 Oct 2025 18:13:26 -0000
@@ -925,7 +925,14 @@
 		const unsigned skip_to = rl->r_skip_to & SKIPTO_MASK;
 		const uint32_t attr = rl->r_attr;
 
-		if ((attr & layer) == 0) {
+		/*
+		 * PR kern/59615
+		 * we are skipping rule inspection on two cases
+		 * if layer attributes are set but we are on a different layer
+		 * or if no layer attributes set (10 userland), don't inspect at layer 2
+		 */
+		if (!(((layer == NPF_RULE_LAYER_3 && ((attr & (NPF_RULE_LAYER_2 | NPF_RULE_LAYER_3)) == 0)) ||
+		    (attr & layer)))) {
 			n = skip_to;
 			continue;
 		}
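Review bot: the new condition is a triple-nested negation, `!(((...) || (...)))`, with a redundant level of parentheses, and its first line runs well past 80 columns, which KNF does not allow; name the intent first and keep the skip test positive, e.g.
`const bool unlayered = (attr & (NPF_RULE_LAYER_2 | NPF_RULE_LAYER_3)) == 0;`
`if ((attr & layer) == 0 && !(layer == NPF_RULE_LAYER_3 && unlayered)) {`
which is equivalent and reads as the comment describes: skip when the rule carries layer bits for a different layer, or carries none and the lookup is not at layer 3. The comment itself should say "in two cases" rather than "on two cases" and "netbsd-10 userland" rather than "10 userland". Since the layer-less rules exist only because a netbsd-10 userland never sets the attribute, also consider defaulting r_attr to NPF_RULE_LAYER_3 when such a rule is loaded into the ruleset; that confines the compatibility handling to one place and leaves the per-packet loop as the single mask test it was before.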
