Source-Changes archive


NetBSD master CVS tree commits



thorpej
Fri Mar 28 17:57:57 PST 1997
Update of /cvsroot/src/sys/netinet
In directory netbsd1:/var/slash-tmp/cvs-serv2253

Modified Files:
        ip_fil.c ip_fil.h 
Log Message:
Fix an ... interesting bug that resulted from namespace collision.
Description:

        - A BSD pseudo-device initialization routine is declared as
                void <pseudo-device name>attach __P((int count));
          in ioconf.c by config(8).  main() calls these functions
          from a table.

        - IP Filter has functions iplattach() and ipldetach() (or,
          in the NetBSD case, were erroneously renamed ipfilterattach()
          and ipfilterdetach()).  These functions are used to establish
          and disestablish the IP Filter "filter rule check" hook in
          the IP input/output stream.  They are declared:
                int iplattach __P((void));
                int ipldetach __P((void));
          ...and are expected to return a value by iplioctl().

        - When main() calls (by sheer coincidence!) iplattach(),
          the filter hook is established, and the IP Filter machinery
          labeled as "initialized".  This causes all packets, whether or
          not the user intends to use filter rules, to be passed to
          the filter rule checker if "ipfilter" is configured into the
          kernel.

        - As a result of the above, a kludge existed to default to
          passing all packets (I can only assume that when this was
          originally committed, the symptom of the bug was noticed by
          the integrator, but the bug not actually found/fixed).

        - In iplioctl(), if the SIOCFRENB ioctl is issued with an
          argument of "enable" (i.e. user executed "ipf -E"), iplattach()
          will notice that the machinery is already initialized and
          return EBUSY.

Fix:

        - Rename iplattach()/ipldetach() to ipl_enable() and ipl_disable().

        - Create a pseudo-device entry stub named ipfilterattach()
          (NetBSD case) or iplattach() (all other).  This is a noop; none
          of the machinery should be initialized until the caller explicitly
          enables the filter with ipf -E.  Add a comment to note that.
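A user-space model of the collision the log describes, added here as an example and not part of the commit or of IP Filter: the function names and the EBUSY result follow the log above, while ipl_inited and boot_then_enable are constructed stand-ins for the kernel's state and for main() walking the config(8) attach table. In the real kernel it is the single global symbol namespace that made the table entry resolve to the filter's own iplattach; here the two versions are simply called directly.

```c
#include <errno.h>
#include <stdio.h>

static int ipl_inited;   /* constructed: IP Filter "initialized" state */

/* Before the fix: the hook installer carried the very name that config(8)
 * emits for the pseudo-device attach routine, so main()'s attach table
 * resolved to it and ran it at boot. */
static int iplattach(void)
{
    if (ipl_inited)
        return EBUSY;    /* hook already established: refuse */
    ipl_inited = 1;      /* establish the filter hook */
    return 0;
}

/* After the fix: the pseudo-device name is a no-op stub (NetBSD spelling)... */
static void ipfilterattach(int count)
{
    (void)count;         /* nothing to initialize until "ipf -E" */
}

/* ...and the hook installer gets its own, non-colliding name. */
static int ipl_enable(void)
{
    if (ipl_inited)
        return EBUSY;
    ipl_inited = 1;
    return 0;
}

/* Boot (main() walks the attach table), then the user's first "ipf -E" via
 * SIOCFRENB in iplioctl().  Constructed helper; returns the errno seen. */
static int boot_then_enable(int fixed)
{
    ipl_inited = 0;
    if (fixed)
        ipfilterattach(1);   /* stub: filter stays off until asked */
    else
        (void)iplattach();   /* hook installed behind the user's back */
    return fixed ? ipl_enable() : iplattach();
}

int main(void)
{
    printf("buggy: ipf -E returns %d (EBUSY is %d)\n", boot_then_enable(0), EBUSY);
    printf("fixed: ipf -E returns %d\n", boot_then_enable(1));
    return 0;
}
```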



