CVS commit: [netbsd-9] src

To: source-changes%NetBSD.org@localhost
Subject: CVS commit: [netbsd-9] src
From: "Martin Husemann" <martin%netbsd.org@localhost>
Date: Mon, 25 May 2020 17:25:28 +0000

Module Name:    src
Committed By:   martin
Date:           Mon May 25 17:25:28 UTC 2020

Modified Files:
        src/sys/net/npf [netbsd-9]: npf_conf.c npf_conn.c npf_conn.h
            npf_conndb.c npf_inet.c npf_nat.c
        src/usr.sbin/npf/npfctl [netbsd-9]: npf_build.c npf_show.c npfctl.h

Log Message:
Pull up following revision(s) (requested by rmind in ticket #930):

        usr.sbin/npf/npfctl/npf_build.c: revision 1.54
        sys/net/npf/npf_conn.h: revision 1.19
        usr.sbin/npf/npfctl/npfctl.h: revision 1.52
        usr.sbin/npf/npfctl/npf_show.c: revision 1.31
        sys/net/npf/npf_conf.c: revision 1.16
        sys/net/npf/npf_nat.c: revision 1.49
        sys/net/npf/npf_inet.c: revision 1.56
        sys/net/npf/npf_conndb.c: revision 1.8
        sys/net/npf/npf_conn.c: revision 1.31

Backport selected NPF fixes from the upstream (to be pulled up):

- npf_conndb_lookup: protect the connection lookup with pserialize(9),
  instead of incorrectly assuming that the handler always runs at IPL_SOFNET.
  Should fix crashes reported on high load (PR/55182).

- npf_config_destroy: handle partially initialized config; fixes crashes
  with some invalid configurations.

- NAT policy creation / destruction: set the initial reference and do not
  wait for reference draining on destruction; destroy the policy on the
  last reference drop instead.  Fixes a lockup with the dynamic NAT rules.

- npf_nat_{export,import}: fix a regression since dynamic NAT rules.

- npfctl: fix a regression and restore the default group behaviour.

- Add npf_cache_tcp() and validate the TCP data offset (from maxv@).


To generate a diff of this commit:
cvs rdiff -u -r1.13.2.2 -r1.13.2.3 src/sys/net/npf/npf_conf.c
cvs rdiff -u -r1.27.2.2 -r1.27.2.3 src/sys/net/npf/npf_conn.c
cvs rdiff -u -r1.16.2.2 -r1.16.2.3 src/sys/net/npf/npf_conn.h
cvs rdiff -u -r1.6 -r1.6.2.1 src/sys/net/npf/npf_conndb.c
cvs rdiff -u -r1.54.2.1 -r1.54.2.2 src/sys/net/npf/npf_inet.c
cvs rdiff -u -r1.46.2.2 -r1.46.2.3 src/sys/net/npf/npf_nat.c
cvs rdiff -u -r1.50.2.2 -r1.50.2.3 src/usr.sbin/npf/npfctl/npf_build.c
cvs rdiff -u -r1.28.2.1 -r1.28.2.2 src/usr.sbin/npf/npfctl/npf_show.c
cvs rdiff -u -r1.48.2.2 -r1.48.2.3 src/usr.sbin/npf/npfctl/npfctl.h

Please note that diffs are not public domain; they are subject to the
copyright notices on the relevant files.

Prev by Date: CVS commit: [netbsd-9] src/sys/kern
Next by Date: CVS commit: [netbsd-9] src/usr.sbin/npf/npfctl
Previous by Thread: CVS commit: [netbsd-9] src/sys/kern
Next by Thread: CVS commit: [netbsd-9] src/usr.sbin/npf/npfctl
Indexes:

Home | Main Index | Thread Index | Old Index