From owner-svn-src-head@freebsd.org Sun Oct 25 16:48:38 2015 Return-Path: Delivered-To: svn-src-head@mailman.ysv.freebsd.org Received: from mx1.freebsd.org (mx1.freebsd.org [IPv6:2001:1900:2254:206a::19:1]) by mailman.ysv.freebsd.org (Postfix) with ESMTP id 007418FA3 for ; Sun, 25 Oct 2015 16:48:38 +0000 (UTC) (envelope-from ian@freebsd.org) Received: from pmta2.delivery6.ore.mailhop.org (pmta2.delivery6.ore.mailhop.org [54.200.129.228]) (using TLSv1.2 with cipher ECDHE-RSA-AES256-GCM-SHA384 (256/256 bits)) (Client did not present a certificate) by mx1.freebsd.org (Postfix) with ESMTPS id D4D031F48 for ; Sun, 25 Oct 2015 16:48:37 +0000 (UTC) (envelope-from ian@freebsd.org) Received: from ilsoft.org (unknown [73.34.117.227]) by outbound2.ore.mailhop.org (Halon Mail Gateway) with ESMTPSA; Sun, 25 Oct 2015 16:48:51 +0000 (UTC) Received: from rev (rev [172.22.42.240]) by ilsoft.org (8.14.9/8.14.9) with ESMTP id t9PGmUJd025700; Sun, 25 Oct 2015 10:48:30 -0600 (MDT) (envelope-from ian@freebsd.org) Message-ID: <1445791710.91534.51.camel@freebsd.org> Subject: Re: svn commit: r289932 - head/sys/net From: Ian Lepore To: Kristof Provost , src-committers@freebsd.org, svn-src-all@freebsd.org, svn-src-head@freebsd.org Date: Sun, 25 Oct 2015 10:48:30 -0600 In-Reply-To: <201510251314.t9PDEsV6053440@repo.freebsd.org> References: <201510251314.t9PDEsV6053440@repo.freebsd.org> Content-Type: text/plain; charset="iso-8859-2" X-Mailer: Evolution 3.16.5 FreeBSD GNOME Team Port Mime-Version: 1.0 Content-Transfer-Encoding: 8bit X-BeenThere: svn-src-head@freebsd.org X-Mailman-Version: 2.1.20 Precedence: list List-Id: SVN commit messages for the src tree for head/-current List-Unsubscribe: , List-Archive: List-Post: List-Help: List-Subscribe: , X-List-Received-Date: Sun, 25 Oct 2015 16:48:38 -0000 On Sun, 2015-10-25 at 13:14 +0000, Kristof Provost wrote: > Author: kp > Date: Sun Oct 25 13:14:53 2015 > New Revision: 289932 > URL: https://svnweb.freebsd.org/changeset/base/289932 > > Log: > PF_ANEQ() macro will in most situations returns TRUE comparing two > identical > IPv4 packets (when it should return FALSE). It happens because > PF_ANEQ() doesn't > stop if first 32 bits of IPv4 packets are equal and starts to check > next 3*32 > bits (like for IPv6 packet). Those bits containt some garbage and > in result > PF_ANEQ() wrongly returns TRUE. > > Fix: Check if packet is of AF_INET type and if it is then compare > only first 32 > bits of data. > > PR: 204005 > Submitted by: Miłosz Kaniewski > > Modified: > head/sys/net/pfvar.h > > Modified: head/sys/net/pfvar.h > ===================================================================== > ========= > --- head/sys/net/pfvar.h Sun Oct 25 12:09:28 2015 (r289 > 931) > +++ head/sys/net/pfvar.h Sun Oct 25 13:14:53 2015 (r289 > 932) > @@ -198,10 +198,11 @@ extern struct rwlock pf_rules_lock; > (a)->addr32[0] == (b)->addr32[0])) \ > > #define PF_ANEQ(a, b, c) \ > - ((a)->addr32[0] != (b)->addr32[0] || \ > + ((c == AF_INET && (a)->addr32[0] != (b)->addr32[0]) || \ > + (c == AF_INET6 && (a)->addr32[3] != (b)->addr32[3] && \ > (a)->addr32[1] != (b)->addr32[1] || \ > (a)->addr32[2] != (b)->addr32[2] || \ > - (a)->addr32[3] != (b)->addr32[3]) \ > + (a)->addr32[3] != (b)->addr32[3])) \ > > #define PF_AZERO(a, c) \ > ((c == AF_INET && !(a)->addr32[0]) || \ > It looks like this change is causing warnings when compiled with gcc: cc1: warnings being treated as errors /local/build/staging/freebsd/dpcur/src/sys/netpfil/pf/if_pfsync.c: In function 'pfsync_state_import': /local/build/staging/freebsd/dpcur/src/sys/netpfil/pf/if_pfsync.c:467: warning: suggest parentheses around && within || [-Wparentheses] /local/build/staging/freebsd/dpcur/src/sys/netpfil/pf/if_pfsync.c:468: warning: suggest parentheses around && within || [-Wparentheses] --- if_pfsync.o --- *** [if_pfsync.o] Error code 1 (and many more just the same building other pf files). -- Ian