Source-Changes-HG archive


[src/trunk]: src/sys/net/npf In addition to checking L4 in the cache, here we...



details:   https://anonhg.NetBSD.org/src/rev/314690daa1c7
branches:  trunk
changeset: 831339:314690daa1c7
user:      maxv <maxv%NetBSD.org@localhost>
date:      Fri Mar 23 08:34:57 2018 +0000

description:
In addition to checking L4 in the cache, here we also need to check the
protocol. The NPF entry point does not ensure that

        ICMPv6 can be set only in IPv6
        ICMPv4 can be set only in IPv4

So we could have ICMPv6 in IPv4.

diffstat:

 sys/net/npf/npf_alg_icmp.c |  10 ++++++----
 1 files changed, 6 insertions(+), 4 deletions(-)

diffs (33 lines):

diff -r 98de6ac8410b -r 314690daa1c7 sys/net/npf/npf_alg_icmp.c
--- a/sys/net/npf/npf_alg_icmp.c        Fri Mar 23 08:28:54 2018 +0000
+++ b/sys/net/npf/npf_alg_icmp.c        Fri Mar 23 08:34:57 2018 +0000
@@ -1,4 +1,4 @@
-/*     $NetBSD: npf_alg_icmp.c,v 1.29 2018/03/22 12:16:11 maxv Exp $   */
+/*     $NetBSD: npf_alg_icmp.c,v 1.30 2018/03/23 08:34:57 maxv Exp $   */
 
 /*-
  * Copyright (c) 2010 The NetBSD Foundation, Inc.
@@ -35,7 +35,7 @@
 
 #ifdef _KERNEL
 #include <sys/cdefs.h>
-__KERNEL_RCSID(0, "$NetBSD: npf_alg_icmp.c,v 1.29 2018/03/22 12:16:11 maxv Exp $");
+__KERNEL_RCSID(0, "$NetBSD: npf_alg_icmp.c,v 1.30 2018/03/23 08:34:57 maxv Exp $");
 
 #include <sys/param.h>
 #include <sys/module.h>
@@ -213,10 +213,12 @@
         * Inspect the ICMP packet.  The relevant data might be in the
         * embedded packet.  Fill the "enpc" cache, if so.
         */
-       if (npf_iscached(npc, NPC_IP4)) {
+       if (npf_iscached(npc, NPC_IP4) &&
+           npc->npc_proto == IPPROTO_ICMP) {
                const struct icmp *ic = npc->npc_l4.icmp;
                ret = npfa_icmp4_inspect(ic->icmp_type, enpc, &hasqid);
-       } else if (npf_iscached(npc, NPC_IP6)) {
+       } else if (npf_iscached(npc, NPC_IP6) &&
+           npc->npc_proto == IPPROTO_ICMPV6) {
                const struct icmp6_hdr *ic6 = npc->npc_l4.icmp6;
                ret = npfa_icmp6_inspect(ic6->icmp6_type, enpc, &hasqid);
        } else {
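Review bot: In this last hunk, the comment above the new conditions ("Inspect the ICMP packet...") does not say why npc->npc_proto is compared in addition to npf_iscached(npc, NPC_IP4) and npf_iscached(npc, NPC_IP6). The reason, that the entry point does not tie ICMPv4 to IPv4 and ICMPv6 to IPv6, is recorded only in the commit message. I suggest adding a sentence to that comment so the protocol check is not later dropped as redundant. Separately, a packet whose address family and protocol do not match now falls through to the trailing else branch, whose body is outside the visible context. Please confirm that branch returns without reading npc_l4.icmp or npc_l4.icmp6 and without filling enpc.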


