Darren Reed wrote:
After what seems like an eternity, well 6 months,
I've bumped the revision of IPFilter from 4.1.28
to 4.1.29 to capture all of the bug fixes since.

It was almost complete with a build bug, but I
uncovered the hidden window in the nick of time.

The files can be downloaded from the usual places,
http://coombs.anu.edu.au/~avalon/ip_fil4.1.29.tar.gz
http://coombs.anu.edu.au/~avalon/patch-4.1.29.gz
and their hashes are:
MD5 (ip_fil4.1.29.tar.gz) = 51f15ec90faa736cfb7bea27846dff71
MD5 (patch-4.1.29.gz) = 594f0bb2f3c7d4bed98a2cc726005759

Cheers,
Darren

4.1.29 - Release 14 April 2008

* #ifdef warning fixes from Victor M Blood (FreeBSD) - #1821249

* An error in NAT'ing a packet that is being fed through the fastroute
  code (i.e. return-icmp/return-rst/to/dup-to) can lead to a memory leak
  with mbufs

* NetBSD has removed rnh_walktree

* Remove exit/enter of ipf_global lock as they are now no longer held by
  what calls fr_auth_ioctl()

* add in checks to see that a symbol is defined before using it in a test
  case with C preprocessor #if statements

* add setting TCP TIME_WAIT timer to list of tuneables

* call of _pullup() high up in _icmp() means later checks for fin_dlen
  that are less than 8 are not required.

* cleanup some errors in merging patches

* merge changes from netbsd for updated poll apis

* merge white space cleanup

* preserve and restore the fin_flx bits from the packet before it is
  authorised to after it is.

* remove old comment that is no longer accurate

* sunos5x86 Makefile target has been removed from the Makefile

* try and optimise fr_movequeue and short cut some cases where there
  is no requirement to change the position of the object on the list.

* update ip_compat.h for NetBSD changes with POLLWAKEUP

* use defined() in #if statements to make sure something has a value
  before its use

1785476 more state entries might be created for single connection

1821247 holding ipf_global lock over call to fr_ioctlswitch() causes
        a panic for FreeBSD with INVARIANTS - move holding locks in ioctl
        processing to only where they are necessary.

1821358 errors can lead to mbufs not being freed

1825877 variables called min should be renamed to xmin

1835705 It is impossible to delete a state using SIOCDELST ioctl

1839009 Auth rules with both "quick" and "keep state" don't work

1839023 OS freeze: race condition in the auth code.

1839028 Potential problems in auth code
1855763 Fixed bug (#1838530) is reintroduced in the recent CVS commit

1872740 the ipfr_size tunable is ignored

1886836 open on devices not compiled in always succeed

1886965 sync code does not wakeup sleeping polls
1890025 sync code uses state table for nat objects

1915176 Use of "age X/Y" can lead to panic

4.1.28 - Release 16 October 2007

Darren, is there some reason you did not include this code which you
sent to me that fixes bug 1887931?

Regards,
Steve


Ok, then the patch below might be of use to you then.

Darren



diff -c -r2.195.2.105 ip_nat.c
*** ip_nat.c    21 Dec 2007 23:03:24 -0000      2.195.2.105
--- ip_nat.c    8 Feb 2008 02:27:04 -0000
***************
*** 3804,3809 ****
--- 3804,3813 ----
                 * If there is no current entry in the nat table for
this IP#,
                 * create one for it (if there is a matching rule).
                 */
+               if ((fin->fin_off != 0) && (fin->fin_flx & FI_TCPUDP)) {
+                       natfailed = -1;
+                       goto nonatfrag;
+               }
                RWLOCK_EXIT(&ipf_nat);
                msk = 0xffffffff;
                nmsk = nat_masks;
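
Review bot: the new fragment check at the top of this branch has no comment, and it lands directly under the existing one that says an entry will be created for this IP#, so the two now read as contradicting each other. Add a line above `if ((fin->fin_off != 0) && (fin->fin_flx & FI_TCPUDP))` saying why a packet with a non-zero fragment offset and FI_TCPUDP set must not get a new NAT entry, and what `natfailed = -1` tells the caller.
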
***************
*** 3861,3866 ****
--- 3865,3871 ----
                MUTEX_DOWNGRADE(&ipf_nat);
        }

+ nonatfrag:
        if (nat != NULL) {
                rval = fr_natout(fin, nat, natadd, nflags);
                if (rval == 1) {
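
Review bot: the `nonatfrag:` label sits after `MUTEX_DOWNGRADE(&ipf_nat)`, while the `goto` that targets it is taken before `RWLOCK_EXIT(&ipf_nat)`, so the jump path never releases or re-takes ipf_nat. Please state in a comment at the label which lock state `if (nat != NULL)` is entered with on both paths, so a later change to the locking between those two points does not leave the goto path out of step.
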
***************
*** 4095,4100 ****
--- 4100,4109 ----
        } else {
                u_32_t hv, msk, rmsk;

+               if ((fin->fin_off != 0) && (fin->fin_flx & FI_TCPUDP)) {
+                       natfailed = -1;
+                       goto nonatfrag;
+               }
                RWLOCK_EXIT(&ipf_nat);
                rmsk = rdr_masks;
                msk = 0xffffffff;
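
Review bot: this is the same three-line test and `natfailed = -1` assignment as in the hunk at 3804, copied into the inbound path. Consider a small shared macro or inline helper for the condition so the two paths cannot drift apart, and give -1 a named constant if natfailed has other values with defined meanings.
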
***************
*** 4155,4160 ****
--- 4164,4171 ----
                }
                MUTEX_DOWNGRADE(&ipf_nat);
        }
+
+ nonatfrag:
        if (nat != NULL) {
                rval = fr_natin(fin, nat, natadd, nflags);
                if (rval == 1) {
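
Review bot: on the goto path the code at `nonatfrag:` goes straight to `if (nat != NULL)` without the lookup in between having run, and the visible context does not show what `nat` holds at that point. Please confirm `nat` is NULL whenever the jump is taken (or set it explicitly next to `natfailed = -1`), otherwise `fr_natin()` could be called for a fragment that was meant to skip NAT.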

