Date: Thu, 02 Feb 2006 10:55:45 -0600 From: "Christian S.J. Peron" <csjp@FreeBSD.org> To: Michal Mertl <michal.mertl@i.cz> Cc: Andrew Thompson <thompsa@freebsd.org>, cvs-all@FreeBSD.org Subject: Re: cvs commit: src/sys/net pfil.c pfil.h src/sys/netinet ip_fastfwd.c ip_fw2.c ip_input.c ip_output.c src/sys/netinet6 ip6_forward.c ip6_input.c ip6_output.c Message-ID: <43E23991.4080108@FreeBSD.org> In-Reply-To: <1138898295.10021.0.camel@genius.i.cz> References: <200602020313.k123DGFl029834@repoman.freebsd.org> <1138898295.10021.0.camel@genius.i.cz>
next in thread | previous in thread | raw e-mail | index | archive | help
Michal Mertl wrote:
>Christian S.J. Peron wrote:
>
>
>>csjp 2006-02-02 03:13:16 UTC
>>
>> FreeBSD src repository
>>
>> Modified files:
>> sys/net pfil.c pfil.h
>> sys/netinet ip_fastfwd.c ip_fw2.c ip_input.c
>> ip_output.c
>> sys/netinet6 ip6_forward.c ip6_input.c ip6_output.c
>> Log:
>>....
>>
>>
>
>I think you broke if_bridge(4) and also debug kernel build. Patches for
>both bugs are attached.
>
>
>Michal
>
>
>------------------------------------------------------------------------
>
>Index: if_bridge.c
>===================================================================
>RCS file: /home/fcvs/cvs/src/sys/net/if_bridge.c,v
>retrieving revision 1.52
>diff -u -r1.52 if_bridge.c
>--- if_bridge.c 31 Jan 2006 21:21:28 -0000 1.52
>+++ if_bridge.c 2 Feb 2006 12:30:37 -0000
>@@ -1531,9 +1531,9 @@
> return;
> }
>
>- if (inet_pfil_hook.ph_busy_count >= 0
>+ if (PFIL_HOOKED(&inet_pfil_hook)
> #ifdef INET6
>- || inet6_pfil_hook.ph_busy_count >= 0
>+ || PFIL_HOOKED(&inet6_pfil_hook)
> #endif
> ) {
> if (bridge_pfil(&m, sc->sc_ifp, ifp, PFIL_OUT) != 0)
>@@ -1800,9 +1800,9 @@
> }
>
> /* run the packet filter */
>- if (inet_pfil_hook.ph_busy_count >= 0
>+ if (PFIL_HOOKED(&inet_pfil_hook)
> #ifdef INET6
>- || inet6_pfil_hook.ph_busy_count >= 0
>+ || PFIL_HOOKED(&inet6_pfil_hook)
> #endif
> ) {
> BRIDGE_UNLOCK(sc);
>@@ -1857,9 +1857,9 @@
>
> BRIDGE_UNLOCK(sc);
>
>- if (inet_pfil_hook.ph_busy_count >= 0
>+ if (PFIL_HOOKED(&inet_pfil_hook)
> #ifdef INET6
>- || inet6_pfil_hook.ph_busy_count >= 0
>+ || PFIL_HOOKED(&inet6_pfil_hook)
> #endif
> ) {
> if (bridge_pfil(&m, sc->sc_ifp, dst_if, PFIL_OUT) != 0)
>@@ -2055,9 +2055,10 @@
> }
>
> /* Filter on the bridge interface before broadcasting */
>- if (runfilt && (inet_pfil_hook.ph_busy_count >= 0
>+ if (runfilt &&
>+ (PFIL_HOOKED(&inet_pfil_hook)
> #ifdef INET6
>- || inet6_pfil_hook.ph_busy_count >= 0
>+ || PFIL_HOOKED(&inet6_pfil_hook)
> #endif
> )) {
> if (bridge_pfil(&m, sc->sc_ifp, NULL, PFIL_OUT) != 0)
>@@ -2102,9 +2103,10 @@
> * pointer so we do not redundantly filter on the bridge for
> * each interface we broadcast on.
> */
>- if (runfilt && (inet_pfil_hook.ph_busy_count >= 0
>+ if (runfilt &&
>+ (PFIL_HOOKED(&inet_pfil_hook)
> #ifdef INET6
>- || inet6_pfil_hook.ph_busy_count >= 0
>+ || PFIL_HOOKED(&inet6_pfil_hook)
> #endif
> )) {
> if (bridge_pfil(&mc, NULL, dst_if, PFIL_OUT) != 0)
>
>
>------------------------------------------------------------------------
>
>Index: ip_fw2.c
>===================================================================
>RCS file: /home/fcvs/cvs/src/sys/netinet/ip_fw2.c,v
>retrieving revision 1.125
>diff -u -r1.125 ip_fw2.c
>--- ip_fw2.c 2 Feb 2006 03:13:15 -0000 1.125
>+++ ip_fw2.c 2 Feb 2006 13:06:31 -0000
>@@ -1,5 +1,5 @@
> /*-
>- * Copyright (c) 2002 Luigi Rizzo, Universita` di Pisa
>+ * cOPYright (c) 2002 Luigi Rizzo, Universita` di Pisa
> *
> * Redistribution and use in source and binary forms, with or without
> * modification, are permitted provided that the following conditions
>@@ -139,7 +139,7 @@
> rw_init(&(_chain)->rwmtx, "IPFW static rules")
> #define IPFW_LOCK_DESTROY(_chain) rw_destroy(&(_chain)->rwmtx)
> #define IPFW_WLOCK_ASSERT(_chain) do { \
>- rw_assert(rw, RA_WLOCKED); \
>+ rw_assert(&(_chain)->rwmtx, RA_WLOCKED); \
> NET_ASSERT_GIANT(); \
> } while (0)
>
>
>
I must have missed the bridge stuff when I committed the PFIL_HOOKED
macros, sorry for the inconvinience!
--
Christian S.J. Peron
csjp@FreeBSD.ORG
FreeBSD Committer
FreeBSD Security Team
Want to link to this message? Use this URL: <https://mail-archive.FreeBSD.org/cgi/mid.cgi?43E23991.4080108>