Hello, All!

I found a possible problem in the function pf_ioctl.c/pfioctl() in FreeBSD 5.4-RELEASE PF.
To add a PF rdr (nat) rule to the active ruleset we have to do several steps:

1) get a pool ticket with ioctl(DIOCBEGINADDRS);
2) create the address pool with several ioctl(DIOCADDADDR);
3) get a ticket for adding the rule with ioctl(DIOCCHANGERULE);
4) add the rule with ioctl(DIOCCHANGERULE).

In step 2, ioctl(DIOCADDADDR) does not check the pool ticket value, and there is a possible situation of a malicious or faulty address pool addition without getting the pool ticket from another process. Is it a bug or not?

With best regards
Boris Polevoy
_______________________________________________
freebsd-pf@freebsd.org mailing list
http://lists.freebsd.org/mailman/listinfo/freebsd-pf
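
The interleaving the message asks about, as an added example that is not part of the original post and is not pf source code. It is a user-space C model: `pool_begin`, `pool_add_unchecked`, `pool_add_checked` and `run_interleaving` are hypothetical names, and the pool being emptied on begin and the `EBUSY` return are assumptions of the model.

```c
/* User-space model of a ticketed staging pool. Not pf source code. */
#include <errno.h>
#include <stdint.h>
#include <stdio.h>
#define POOL_MAX 8

struct staging_pool {
    uint32_t ticket;           /* bumped on every begin */
    uint32_t addrs[POOL_MAX];  /* staged addresses (constructed values) */
    int count;
};
typedef int (*add_fn)(struct staging_pool *, uint32_t, uint32_t);

/* Models DIOCBEGINADDRS (assumed): empty the pool, issue a fresh ticket. */
uint32_t pool_begin(struct staging_pool *p) {
    p->count = 0;
    return ++p->ticket;
}

/* Models DIOCADDADDR as the post describes it: the ticket is ignored. */
int pool_add_unchecked(struct staging_pool *p, uint32_t ticket, uint32_t addr) {
    (void)ticket;
    if (p->count == POOL_MAX) return ENOSPC;
    p->addrs[p->count++] = addr;
    return 0;
}

/* Hardened form: refuse a ticket that is stale or was never issued. */
int pool_add_checked(struct staging_pool *p, uint32_t ticket, uint32_t addr) {
    if (ticket != p->ticket) return EBUSY;
    return pool_add_unchecked(p, ticket, addr);
}

/* A begins, B begins, A adds with a stale ticket, B adds; returns pool size. */
int run_interleaving(add_fn add, int *a_result) {
    struct staging_pool p = {0};
    uint32_t ta = pool_begin(&p);
    uint32_t tb = pool_begin(&p);
    *a_result = add(&p, ta, 0x0a000001u);  /* process A: 10.0.0.1 */
    (void)add(&p, tb, 0xc0a80001u);        /* process B: 192.168.0.1 */
    return p.count;
}

int main(void) {
    int ra, rb;
    int nu = run_interleaving(pool_add_unchecked, &ra);
    int nc = run_interleaving(pool_add_checked, &rb);
    printf("unchecked: %d staged, A got %d\nchecked: %d staged, A got %d\n", nu, ra, nc, rb);
    return 0;
}
```

Without the comparison, process B's pool ends up holding an address it never staged; with it, process A's stale call is rejected and B's pool contains only B's entry.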