freebsd-nq/sys/contrib/pf/net
Daniel Hartmeier 2726bbe221 Initialise init_addr in pf_map_addr() in the PF_POOL_ROUNDROBIN,
prevents a possible endless loop in pf_get_sport() with 'static-port'

ICMP state entries use the ICMP ID as port for the unique state key. When
checking for a usable key, construct the key in the same way. Otherwise,
a colliding key might be missed or a state insertion might be refused even
though it could be inserted. The second case triggers the endless loop,
possibly allowing a NATed LAN client to lock up the kernel.

PR:			kern/74930
Reported and tested by:	Hugo Silva, Srebrenko Sehic
MFC after:		3 days
2004-12-19 19:43:04 +00:00
..
if_pflog.c Move pf* init from SI_SUB_PSEUDO to SI_SUB_PROTO_IFATTACHDOMAIN where it is 2004-09-14 03:12:01 +00:00
if_pflog.h Commit pf version 3.5 and link additional files to the kernel build. 2004-06-16 23:24:02 +00:00
if_pfsync.c Compile pfsync w/o bpf. 2004-12-10 17:42:47 +00:00
if_pfsync.h Commit pf version 3.5 and link additional files to the kernel build. 2004-06-16 23:24:02 +00:00
pf_if.c Improved interface handling. This should fix the use of renamed interfaces 2004-11-03 17:21:12 +00:00
pf_ioctl.c Add an additional struct inpcb * argument to pfil(9) in order to enable 2004-09-29 04:54:33 +00:00
pf_norm.c Get rid of the RANDOM_IP_ID option and make it a sysctl. NetBSD 2004-08-14 15:32:40 +00:00
pf_osfp.c Commit pf version 3.5 and link additional files to the kernel build. 2004-06-16 23:24:02 +00:00
pf_subr.c Commit pf version 3.5 and link additional files to the kernel build. 2004-06-16 23:24:02 +00:00
pf_table.c Initialize s variable early to shut up GCC warnings. 2004-07-28 06:14:44 +00:00
pf.c Initialise init_addr in pf_map_addr() in the PF_POOL_ROUNDROBIN, 2004-12-19 19:43:04 +00:00
pfvar.h Add an additional struct inpcb * argument to pfil(9) in order to enable 2004-09-29 04:54:33 +00:00