Source-Changes-HG archive


[src/trunk]: src/sys/net/npf In addition to checking L4 in the cache, here we...



details:   https://anonhg.NetBSD.org/src/rev/4a43f1abf36e
branches:  trunk
changeset: 360683:4a43f1abf36e
user:      maxv <maxv%NetBSD.org@localhost>
date:      Fri Mar 23 08:34:57 2018 +0000

description:
In addition to checking L4 in the cache, here we also need to check the
protocol. The NPF entry point does not ensure that

        ICMPv6 can be set only in IPv6
        ICMPv4 can be set only in IPv4

So we could have ICMPv6 in IPv4.

diffstat:

 sys/net/npf/npf_alg_icmp.c |  10 ++++++----
 1 files changed, 6 insertions(+), 4 deletions(-)

diffs (33 lines):

diff -r cd1815077375 -r 4a43f1abf36e sys/net/npf/npf_alg_icmp.c
--- a/sys/net/npf/npf_alg_icmp.c        Fri Mar 23 08:28:54 2018 +0000
+++ b/sys/net/npf/npf_alg_icmp.c        Fri Mar 23 08:34:57 2018 +0000
@@ -1,4 +1,4 @@
-/*     $NetBSD: npf_alg_icmp.c,v 1.29 2018/03/22 12:16:11 maxv Exp $   */
+/*     $NetBSD: npf_alg_icmp.c,v 1.30 2018/03/23 08:34:57 maxv Exp $   */
 
 /*-
  * Copyright (c) 2010 The NetBSD Foundation, Inc.
@@ -35,7 +35,7 @@
 
 #ifdef _KERNEL
 #include <sys/cdefs.h>
-__KERNEL_RCSID(0, "$NetBSD: npf_alg_icmp.c,v 1.29 2018/03/22 12:16:11 maxv Exp $");
+__KERNEL_RCSID(0, "$NetBSD: npf_alg_icmp.c,v 1.30 2018/03/23 08:34:57 maxv Exp $");
 
 #include <sys/param.h>
 #include <sys/module.h>
@@ -213,10 +213,12 @@
         * Inspect the ICMP packet.  The relevant data might be in the
         * embedded packet.  Fill the "enpc" cache, if so.
         */
-       if (npf_iscached(npc, NPC_IP4)) {
+       if (npf_iscached(npc, NPC_IP4) &&
+           npc->npc_proto == IPPROTO_ICMP) {
                const struct icmp *ic = npc->npc_l4.icmp;
                ret = npfa_icmp4_inspect(ic->icmp_type, enpc, &hasqid);
-       } else if (npf_iscached(npc, NPC_IP6)) {
+       } else if (npf_iscached(npc, NPC_IP6) &&
+           npc->npc_proto == IPPROTO_ICMPV6) {
                const struct icmp6_hdr *ic6 = npc->npc_l4.icmp6;
                ret = npfa_icmp6_inspect(ic6->icmp6_type, enpc, &hasqid);
        } else {
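Review bot: the trailing `} else {` branch of this hunk now also receives the mismatched cases (NPC_IP4 cached with `npc_proto` other than IPPROTO_ICMP, NPC_IP6 cached with `npc_proto` other than IPPROTO_ICMPV6), which before this change went into one of the two inspect calls. Its body is outside the visible context, so please confirm it fails the inspection cleanly and does not treat the case as unreachable. Separately, the comment above the block still only mentions the embedded packet; a sentence there noting that the NPF entry point does not guarantee the ICMP version matches the IP version would explain why `npc->npc_proto == IPPROTO_ICMP` and `npc->npc_proto == IPPROTO_ICMPV6` are tested alongside the cache flags.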


