d/freebsd-skq
1
0
Fork 0
Code Issues Pull Requests Packages Projects Releases Wiki Activity

The bucket index is subtracted by one at lines 2304 and 2314. When 0 it

Browse Source 
becomes -1, except these are unsigned integers, so they become very large
numbers. Thus are always larger than the maximum bucket; the hash table
insertion fails causing NAT to fail.

This commit ensures that if the index is already zero it is not reduced
prior to insertion into the hash table.

PR:		208566
This commit is contained in:
Cy Schubert 2018-08-19 13:45:03 +00:00
parent 58a290b9f4
commit 683a58eeb9
1 changed files with 4 additions and 2 deletions
Show Stats Download Patch File Download Diff File Expand all files Collapse all files

6
sys/contrib/ipfilter/netinet/ip_nat.c
View File

@ -2304,14 +2304,16 @@ ipf_nat_delete(softc, nat, logtype)
bkt = nat->nat_hv[0] % softn->ipf_nat_table_sz;
nss = &softn->ipf_nat_stats.ns_side[0];
nss->ns_bucketlen[bkt]--;
if (nss->ns_bucketlen[bkt] > 0)
nss->ns_bucketlen[bkt]--;
if (nss->ns_bucketlen[bkt] == 0) {
nss->ns_inuse--;
}
bkt = nat->nat_hv[1] % softn->ipf_nat_table_sz;
nss = &softn->ipf_nat_stats.ns_side[1];
nss->ns_bucketlen[bkt]--;
if (nss->ns_bucketlen[bkt] > 0)
nss->ns_bucketlen[bkt]--;
if (nss->ns_bucketlen[bkt] == 0) {
nss->ns_inuse--;
}