Date: Wed, 31 Aug 2005 18:54:42 +0400 From: Boris Polevoy <vapcom@mail.ru> To: freebsd-pf@freebsd.org Subject: PF ioctl(DIOCCHANGERULE) NAT -> core dumped Message-ID: <E1EATz8-000Fkz-00.vapcom-mail-ru@f37.mail.ru>
next in thread | raw e-mail | index | archive | help
Hello, All!
FreeBSD 5.4-RELEASE:
1) via ioctl(DIOCCHANGERULE) add NAT rule with table in outside pool:
nat on fxp0 inet from <inside> to any -> <out> port 1024:65535 round-robin
2) ping from inside network to outside host crash system whith core dump.
After analysing core dump:
pf_test_icmp()
|
pf_get_translation()
|
pf_get_sport()
|
pf_map_addr()
|
pfr_pool_get(NULL,...)
^^^^
Possible problem in funcion pf_ioctl.c/pfioctl()
switch (cmd) {
case DIOCADDRULE:
....
if (pf_tbladdr_setup(ruleset, &rule->dst.addr))
error = EINVAL;
TAILQ_FOREACH(pa, &pf_pabuf, entries)
if (pf_tbladdr_setup(ruleset, &pa->addr))
error = EINVAL;
pf_mv_pool(&pf_pabuf, &rule->rpool.list);
....
case DIOCCHANGERULE:
....
if (pf_tbladdr_setup(ruleset, &newrule->dst.addr))
error = EINVAL;
>>>
pf_mv_pool(&pf_pabuf, &newrule->rpool.list);
....
This case have not pf_tbladdr_setup(ruleset, &pa->addr) loop.
After inserting TAILQ_FOREACH()loop in case DIOCCHANGERULE NAT rule became work well:
--- pf_ioctl.c Wed Aug 31 17:59:27 2005
+++ pf_ioctl.c-fix Wed Aug 31 17:59:23 2005
@@ -1552,6 +1552,10 @@
if (pf_tbladdr_setup(ruleset, &newrule->dst.addr))
error = EINVAL;
+ TAILQ_FOREACH(pa, &pf_pabuf, entries)
+ if (pf_tbladdr_setup(ruleset, &pa->addr))
+ error = EINVAL;
+
pf_mv_pool(&pf_pabuf, &newrule->rpool.list);
if (((((newrule->action == PF_NAT) ||
(newrule->action == PF_RDR) ||
Is it bug or not?
With best regards
Boris Polevoy
Want to link to this message? Use this URL: <https://mail-archive.FreeBSD.org/cgi/mid.cgi?E1EATz8-000Fkz-00.vapcom-mail-ru>