Michal Mertl wrote:
Christian S.J. Peron wrote:
csjp 2006-02-02 03:13:16 UTC
FreeBSD src repository
Modified files:
sys/net pfil.c pfil.h
sys/netinet ip_fastfwd.c ip_fw2.c ip_input.c
ip_output.c
sys/netinet6 ip6_forward.c ip6_input.c ip6_output.c
Log:
....
I think you broke if_bridge(4) and also debug kernel build. Patches for
both bugs are attached.
Michal
------------------------------------------------------------------------
Index: if_bridge.c
===================================================================
RCS file: /home/fcvs/cvs/src/sys/net/if_bridge.c,v
retrieving revision 1.52
diff -u -r1.52 if_bridge.c
--- if_bridge.c 31 Jan 2006 21:21:28 -0000 1.52
+++ if_bridge.c 2 Feb 2006 12:30:37 -0000
@@ -1531,9 +1531,9 @@
return;
}
- if (inet_pfil_hook.ph_busy_count >= 0
+ if (PFIL_HOOKED(&inet_pfil_hook)
#ifdef INET6
- || inet6_pfil_hook.ph_busy_count >= 0
+ || PFIL_HOOKED(&inet6_pfil_hook)
#endif
) {
if (bridge_pfil(&m, sc->sc_ifp, ifp, PFIL_OUT) != 0)
@@ -1800,9 +1800,9 @@
}
/* run the packet filter */
- if (inet_pfil_hook.ph_busy_count >= 0
+ if (PFIL_HOOKED(&inet_pfil_hook)
#ifdef INET6
- || inet6_pfil_hook.ph_busy_count >= 0
+ || PFIL_HOOKED(&inet6_pfil_hook)
#endif
) {
BRIDGE_UNLOCK(sc);
@@ -1857,9 +1857,9 @@
BRIDGE_UNLOCK(sc);
- if (inet_pfil_hook.ph_busy_count >= 0
+ if (PFIL_HOOKED(&inet_pfil_hook)
#ifdef INET6
- || inet6_pfil_hook.ph_busy_count >= 0
+ || PFIL_HOOKED(&inet6_pfil_hook)
#endif
) {
if (bridge_pfil(&m, sc->sc_ifp, dst_if, PFIL_OUT) != 0)
@@ -2055,9 +2055,10 @@
}
/* Filter on the bridge interface before broadcasting */
- if (runfilt && (inet_pfil_hook.ph_busy_count >= 0
+ if (runfilt &&
+ (PFIL_HOOKED(&inet_pfil_hook)
#ifdef INET6
- || inet6_pfil_hook.ph_busy_count >= 0
+ || PFIL_HOOKED(&inet6_pfil_hook)
#endif
)) {
if (bridge_pfil(&m, sc->sc_ifp, NULL, PFIL_OUT) != 0)
@@ -2102,9 +2103,10 @@
* pointer so we do not redundantly filter on the bridge for
* each interface we broadcast on.
*/
- if (runfilt && (inet_pfil_hook.ph_busy_count >= 0
+ if (runfilt &&
+ (PFIL_HOOKED(&inet_pfil_hook)
#ifdef INET6
- || inet6_pfil_hook.ph_busy_count >= 0
+ || PFIL_HOOKED(&inet6_pfil_hook)
#endif
)) {
if (bridge_pfil(&mc, NULL, dst_if, PFIL_OUT) != 0)
------------------------------------------------------------------------
Index: ip_fw2.c
===================================================================
RCS file: /home/fcvs/cvs/src/sys/netinet/ip_fw2.c,v
retrieving revision 1.125
diff -u -r1.125 ip_fw2.c
--- ip_fw2.c 2 Feb 2006 03:13:15 -0000 1.125
+++ ip_fw2.c 2 Feb 2006 13:06:31 -0000
@@ -1,5 +1,5 @@
/*-
- * Copyright (c) 2002 Luigi Rizzo, Universita` di Pisa
+ * cOPYright (c) 2002 Luigi Rizzo, Universita` di Pisa
*
* Redistribution and use in source and binary forms, with or without
* modification, are permitted provided that the following conditions
@@ -139,7 +139,7 @@
rw_init(&(_chain)->rwmtx, "IPFW static rules")
#define IPFW_LOCK_DESTROY(_chain) rw_destroy(&(_chain)->rwmtx)
#define IPFW_WLOCK_ASSERT(_chain) do { \
- rw_assert(rw, RA_WLOCKED); \
+ rw_assert(&(_chain)->rwmtx, RA_WLOCKED); \
NET_ASSERT_GIANT(); \
} while (0)
I must have missed the bridge stuff when I committed the PFIL_HOOKED
macros, sorry for the inconvinience!
--
Christian S.J. Peron
[EMAIL PROTECTED]
FreeBSD Committer
FreeBSD Security Team
_______________________________________________
cvs-all@freebsd.org mailing list
http://lists.freebsd.org/mailman/listinfo/cvs-all
To unsubscribe, send any mail to "[EMAIL PROTECTED]"
