Date: Sun, 25 Oct 2015 10:48:30 -0600
From: Ian Lepore <ian@freebsd.org>
To: Kristof Provost <kp@FreeBSD.org>, src-committers@freebsd.org, svn-src-all@freebsd.org, svn-src-head@freebsd.org
Subject: Re: svn commit: r289932 - head/sys/net
Message-ID: <1445791710.91534.51.camel@freebsd.org>
In-Reply-To: <201510251314.t9PDEsV6053440@repo.freebsd.org>
References: <201510251314.t9PDEsV6053440@repo.freebsd.org>
On Sun, 2015-10-25 at 13:14 +0000, Kristof Provost wrote:
> Author: kp
> Date: Sun Oct 25 13:14:53 2015
> New Revision: 289932
> URL: https://svnweb.freebsd.org/changeset/base/289932
>
> Log:
> PF_ANEQ() macro will in most situations return TRUE comparing two
> identical IPv4 packets (when it should return FALSE). It happens
> because PF_ANEQ() doesn't stop if first 32 bits of IPv4 packets are
> equal and starts to check next 3*32 bits (like for IPv6 packet).
> Those bits contain some garbage and in result PF_ANEQ() wrongly
> returns TRUE.
>
> Fix: Check if packet is of AF_INET type and if it is then compare
> only first 32 bits of data.
>
> PR: 204005
> Submitted by: Miłosz Kaniewski
>
> Modified:
> head/sys/net/pfvar.h
>
> Modified: head/sys/net/pfvar.h
> =====================================================================
> =========
> --- head/sys/net/pfvar.h Sun Oct 25 12:09:28 2015 (r289
> 931)
> +++ head/sys/net/pfvar.h Sun Oct 25 13:14:53 2015 (r289
> 932)
> @@ -198,10 +198,11 @@ extern struct rwlock pf_rules_lock; > (a)->addr32[0] == (b)->addr32[0])) \ > > #define PF_ANEQ(a, b, c) \ > - ((a)->addr32[0] != (b)->addr32[0] || \ > + ((c == AF_INET && (a)->addr32[0] != (b)->addr32[0]) || \ > + (c == AF_INET6 && (a)->addr32[3] != (b)->addr32[3] && \ > (a)->addr32[1] != (b)->addr32[1] || \ > (a)->addr32[2] != (b)->addr32[2] || \ > - (a)->addr32[3] != (b)->addr32[3]) \ > + (a)->addr32[3] != (b)->addr32[3])) \ > > #define PF_AZERO(a, c) \ > ((c == AF_INET && !(a)->addr32[0]) || \ >

It looks like this change is causing warnings when compiled with gcc:

cc1: warnings being treated as errors
/local/build/staging/freebsd/dpcur/src/sys/netpfil/pf/if_pfsync.c: In function 'pfsync_state_import':
/local/build/staging/freebsd/dpcur/src/sys/netpfil/pf/if_pfsync.c:467: warning: suggest parentheses around && within || [-Wparentheses]
/local/build/staging/freebsd/dpcur/src/sys/netpfil/pf/if_pfsync.c:468: warning: suggest parentheses around && within || [-Wparentheses]
--- if_pfsync.o ---
*** [if_pfsync.o] Error code 1

(and many more just the same building other pf files).

-- Ian
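
Review bot: In the new PF_ANEQ, the AF_INET6 arm is not closed before the || terms that follow it, so the addr32[2] and addr32[3] comparisons on the two unchanged lines and the final added line are evaluated for every address family, including AF_INET, where the log says those words hold garbage. Inside the arm, addr32[3] is compared twice, addr32[0] is never compared for AF_INET6, and the first two comparisons are joined with && where the removed line used ||, so two IPv6 addresses that differ only in the first word are reported as equal. Suggest putting all four word comparisons, joined with ||, inside one parenthesized group under c == AF_INET6, mirroring the AF_INET arm; that grouping also removes the unparenthesized mix of && and || that the gcc -Wparentheses warnings quoted above point at.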