Date:      Wed, 22 Aug 2018 01:43:11 +0000 (UTC)
From:      Cy Schubert <cy@FreeBSD.org>
To:        src-committers@freebsd.org, svn-src-all@freebsd.org, svn-src-stable@freebsd.org, svn-src-stable-11@freebsd.org
Subject:   svn commit: r338171 - in stable: 10/sys/contrib/ipfilter/netinet 11/sys/contrib/ipfilter/netinet
Message-ID:  <201808220143.w7M1hBmR012102@repo.freebsd.org>

Author: cy
Date: Wed Aug 22 01:43:11 2018
New Revision: 338171
URL: https://svnweb.freebsd.org/changeset/base/338171

Log:
  MFC r338047:
  
  The bucket index is subtracted by one at lines 2304 and 2314.  When 0 it
  becomes -1, except these are unsigned integers, so they become very large
  numbers. Thus they are always larger than the maximum bucket; the hash table
  insertion fails causing NAT to fail.
  
  This commit ensures that if the index is already zero it is not reduced
  prior to insertion into the hash table.
  
  PR:		208566

Modified:
  stable/11/sys/contrib/ipfilter/netinet/ip_nat.c
Directory Properties:
  stable/11/   (props changed)

Changes in other areas also in this revision:
Modified:
  stable/10/sys/contrib/ipfilter/netinet/ip_nat.c
Directory Properties:
  stable/10/   (props changed)

Modified: stable/11/sys/contrib/ipfilter/netinet/ip_nat.c
==============================================================================
--- stable/11/sys/contrib/ipfilter/netinet/ip_nat.c	Wed Aug 22 01:23:11 2018	(r338170)
+++ stable/11/sys/contrib/ipfilter/netinet/ip_nat.c	Wed Aug 22 01:43:11 2018	(r338171)
@@ -2304,14 +2304,16 @@ ipf_nat_delete(softc, nat, logtype)
 
 		bkt = nat->nat_hv[0] % softn->ipf_nat_table_sz;
 		nss = &softn->ipf_nat_stats.ns_side[0];
-		nss->ns_bucketlen[bkt]--;
+		if (nss->ns_bucketlen[bkt] > 0)
+			nss->ns_bucketlen[bkt]--;
 		if (nss->ns_bucketlen[bkt] == 0) {
 			nss->ns_inuse--;
 		}
 
 		bkt = nat->nat_hv[1] % softn->ipf_nat_table_sz;
 		nss = &softn->ipf_nat_stats.ns_side[1];
-		nss->ns_bucketlen[bkt]--;
+		if (nss->ns_bucketlen[bkt] > 0)
+			nss->ns_bucketlen[bkt]--;
 		if (nss->ns_bucketlen[bkt] == 0) {
 			nss->ns_inuse--;
 		}
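
Review bot: On both sides (ns_side[0] and ns_side[1]), when ns_bucketlen[bkt] is already 0 the new guard skips the decrement, but the unchanged test `if (nss->ns_bucketlen[bkt] == 0)` that follows still runs `nss->ns_inuse--`, so the in-use count drops for a bucket that was already empty. Consider nesting the zero test inside the guard so that ns_inuse is decremented only when the length actually goes from 1 to 0. The type of ns_inuse is not visible in this hunk; if it is unsigned as well, it can wrap in the same way the log describes for the bucket length. A length of zero at delete time also means the counter and the table contents had already diverged, which the guard hides rather than fixes; a short comment or a diagnostic at that point would help locate where the accounting goes wrong. The two blocks are identical apart from the index, so a small helper taking the side would keep them from drifting apart.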


