Source-Changes-HG archive


[src/trunk]: src/sys/net/npf In addition to checking L4 in the cache, here we...



details:   https://anonhg.NetBSD.org/src/rev/d7e5eb349dce
branches:  trunk
changeset: 321571:d7e5eb349dce
user:      maxv <maxv%NetBSD.org@localhost>
date:      Fri Mar 23 08:34:57 2018 +0000

description:
In addition to checking L4 in the cache, here we also need to check the
protocol. The NPF entry point does not ensure that

        ICMPv6 can be set only in IPv6
        ICMPv4 can be set only in IPv4

So we could have ICMPv6 in IPv4.

diffstat:

 sys/net/npf/npf_alg_icmp.c |  10 ++++++----
 1 files changed, 6 insertions(+), 4 deletions(-)

diffs (33 lines):

diff -r 3bc2b35aebb4 -r d7e5eb349dce sys/net/npf/npf_alg_icmp.c
--- a/sys/net/npf/npf_alg_icmp.c        Fri Mar 23 08:28:54 2018 +0000
+++ b/sys/net/npf/npf_alg_icmp.c        Fri Mar 23 08:34:57 2018 +0000
@@ -1,4 +1,4 @@
-/*     $NetBSD: npf_alg_icmp.c,v 1.29 2018/03/22 12:16:11 maxv Exp $   */
+/*     $NetBSD: npf_alg_icmp.c,v 1.30 2018/03/23 08:34:57 maxv Exp $   */
 
 /*-
  * Copyright (c) 2010 The NetBSD Foundation, Inc.
@@ -35,7 +35,7 @@
 
 #ifdef _KERNEL
 #include <sys/cdefs.h>
-__KERNEL_RCSID(0, "$NetBSD: npf_alg_icmp.c,v 1.29 2018/03/22 12:16:11 maxv Exp $");
+__KERNEL_RCSID(0, "$NetBSD: npf_alg_icmp.c,v 1.30 2018/03/23 08:34:57 maxv Exp $");
 
 #include <sys/param.h>
 #include <sys/module.h>
@@ -213,10 +213,12 @@
         * Inspect the ICMP packet.  The relevant data might be in the
         * embedded packet.  Fill the "enpc" cache, if so.
         */
-       if (npf_iscached(npc, NPC_IP4)) {
+       if (npf_iscached(npc, NPC_IP4) &&
+           npc->npc_proto == IPPROTO_ICMP) {
                const struct icmp *ic = npc->npc_l4.icmp;
                ret = npfa_icmp4_inspect(ic->icmp_type, enpc, &hasqid);
-       } else if (npf_iscached(npc, NPC_IP6)) {
+       } else if (npf_iscached(npc, NPC_IP6) &&
+           npc->npc_proto == IPPROTO_ICMPV6) {
                const struct icmp6_hdr *ic6 = npc->npc_l4.icmp6;
                ret = npfa_icmp6_inspect(ic6->icmp6_type, enpc, &hasqid);
        } else {
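
Review bot: The two new `npc->npc_proto` comparisons in the `if` / `else if` conditions carry no explanation, and the block comment above them still only says "Inspect the ICMP packet". A line there stating that the cache flags alone do not guarantee ICMPv4-in-IPv4 and ICMPv6-in-IPv6 would keep a later reader from removing the checks as redundant. A mismatched packet (for example ICMPv6 in IPv4) now reaches the final `else`, whose body is outside the visible lines; it is worth confirming that this branch returns failure rather than asserting, since the mismatch comes from packet contents. Because the commit message says the NPF entry point does not enforce the pairing, consider enforcing it there as well, so that other readers of `npc_l4.icmp` and `npc_l4.icmp6` do not each need the same guard.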


