freebsd-dev/sys/netpfil
Andrey V. Elsukov eed302572a Use cfg->nomatch_verdict as return value from NAT64LSN handler when
given mbuf is considered as not matched.

If mbuf was consumed or freed during handling, we must return
IP_FW_DENY, since ipfw's pfil handler ipfw_check_packet() expects
IP_FW_DENY when mbuf pointer is NULL. This fixes KASSERT panics
when NAT64 is used with INVARIANTS. Also remove unused nomatch_final
field from struct nat64lsn_cfg.

Reported by:	Justin Holcomb <justin at justinholcomb dot me>
Obtained from:	Yandex LLC
MFC after:	1 week
Sponsored by:	Yandex LLC
2018-04-12 21:13:30 +00:00
ipfw Use cfg->nomatch_verdict as return value from NAT64LSN handler when 2018-04-12 21:13:30 +00:00
pf pf: limit ioctl to a reasonable and tuneable number of elements 2018-04-11 11:43:12 +00:00