Please try the attached patch. Darren Only in ip_fil4.1.28a/BSD: NetBSD-4.99.33-i386 Only in ip_fil4.1.28a/BSD: tools diff -cr ip_fil4.1.28/fil.c ip_fil4.1.28a/fil.c *** ip_fil4.1.28/fil.c Wed Oct 10 02:27:20 2007 --- ip_fil4.1.28a/fil.c Sat Oct 20 22:30:01 2007 *************** *** 7019,7025 **** break; } - RWLOCK_EXIT(&ipf_global); WRITE_ENTER(&ipf_global); if (tmp) { if (fr_running > 0) --- 7019,7024 ---- *************** *** 7035,7040 **** --- 7034,7040 ---- if (error == 0) fr_running = -1; } + RWLOCK_EXIT(&ipf_global); } break; *************** *** 7176,7182 **** if (!(mode & FWRITE)) error = EPERM; else { - RWLOCK_EXIT(&ipf_global); WRITE_ENTER(&ipf_global); #ifdef MENTAT error = ipfsync(); --- 7176,7181 ---- *************** *** 7184,7189 **** --- 7183,7189 ---- frsync(NULL); error = 0; #endif + RWLOCK_EXIT(&ipf_global); } break; diff -cr ip_fil4.1.28/ip_fil_freebsd.c ip_fil4.1.28a/ip_fil_freebsd.c *** ip_fil4.1.28/ip_fil_freebsd.c Thu Sep 20 05:51:50 2007 --- ip_fil4.1.28a/ip_fil_freebsd.c Sat Oct 20 22:29:37 2007 *************** *** 345,360 **** } SPL_NET(s); - READ_ENTER(&ipf_global); error = fr_ioctlswitch(unit, data, cmd, mode, p->p_uid, p); if (error != -1) { - RWLOCK_EXIT(&ipf_global); SPL_X(s); return error; } - RWLOCK_EXIT(&ipf_global); SPL_X(s); return error; --- 345,357 ---- diff -cr ip_fil4.1.28/ip_fil_netbsd.c ip_fil4.1.28a/ip_fil_netbsd.c *** ip_fil4.1.28/ip_fil_netbsd.c Sat Sep 15 20:33:58 2007 --- ip_fil4.1.28a/ip_fil_netbsd.c Sat Oct 20 22:52:03 2007 *************** *** 406,412 **** --- 406,416 ---- SPL_X(s); #if (__NetBSD_Version__ >= 104010000) + # if (__NetBSD_Version__ >= 499003300) + callout_init(&fr_slowtimer_ch, 0); + # else callout_init(&fr_slowtimer_ch); + # endif callout_reset(&fr_slowtimer_ch, (hz / IPF_HZ_DIVIDE) * IPF_HZ_MULT, fr_slowtimer, NULL); #else diff -cr ip_fil4.1.28/ip_nat.c ip_fil4.1.28a/ip_nat.c *** ip_fil4.1.28/ip_nat.c Tue Oct 16 03:08:10 2007 --- ip_fil4.1.28a/ip_nat.c Sat Oct 20 22:48:19 2007 *************** *** 187,194 **** static void nat_addrdr __P((struct ipnat *)); static void nat_delrdr __P((struct ipnat *)); static void nat_delnat __P((struct ipnat *)); ! static int fr_natgetent __P((caddr_t)); ! static int fr_natgetsz __P((caddr_t)); static int fr_natputent __P((caddr_t, int)); static int nat_extraflush __P((int)); static int nat_gettable __P((char *)); --- 187,194 ---- static void nat_addrdr __P((struct ipnat *)); static void nat_delrdr __P((struct ipnat *)); static void nat_delnat __P((struct ipnat *)); ! static int fr_natgetent __P((caddr_t, int)); ! static int fr_natgetsz __P((caddr_t, int)); static int fr_natputent __P((caddr_t, int)); static int nat_extraflush __P((int)); static int nat_gettable __P((char *)); *************** *** 817,836 **** { natlookup_t nl; - if (getlock) { - READ_ENTER(&ipf_nat); - } error = fr_inobj(data, &nl, IPFOBJ_NATLOOKUP); if (error == 0) { ! if (nat_lookupredir(&nl) != NULL) { error = fr_outobj(data, &nl, IPFOBJ_NATLOOKUP); } else { error = ESRCH; } } - if (getlock) { - RWLOCK_EXIT(&ipf_nat); - } break; } --- 817,839 ---- { natlookup_t nl; error = fr_inobj(data, &nl, IPFOBJ_NATLOOKUP); if (error == 0) { ! void *ptr; ! ! if (getlock) { ! READ_ENTER(&ipf_nat); ! } ! ptr = nat_lookupredir(&nl); ! if (getlock) { ! RWLOCK_EXIT(&ipf_nat); ! } ! if (ptr != NULL) { error = fr_outobj(data, &nl, IPFOBJ_NATLOOKUP); } else { error = ESRCH; } } break; } *************** *** 885,910 **** case SIOCSTGSZ : if (fr_nat_lock) { ! if (getlock) { ! READ_ENTER(&ipf_nat); ! } ! error = fr_natgetsz(data); ! if (getlock) { ! RWLOCK_EXIT(&ipf_nat); ! } } else error = EACCES; break; case SIOCSTGET : if (fr_nat_lock) { ! if (getlock) { ! READ_ENTER(&ipf_nat); ! } ! error = fr_natgetent(data); ! if (getlock) { ! RWLOCK_EXIT(&ipf_nat); ! } } else error = EACCES; break; --- 888,901 ---- case SIOCSTGSZ : if (fr_nat_lock) { ! error = fr_natgetsz(data, getlock); } else error = EACCES; break; case SIOCSTGET : if (fr_nat_lock) { ! error = fr_natgetent(data, getlock); } else error = EACCES; break; *************** *** 1199,1206 **** /* The size of the entry is stored in the ng_sz field and the enture natget */ /* structure is copied back to the user. */ /* ------------------------------------------------------------------------ */ ! static int fr_natgetsz(data) caddr_t data; { ap_session_t *aps; nat_t *nat, *n; --- 1190,1198 ---- /* The size of the entry is stored in the ng_sz field and the enture natget */ /* structure is copied back to the user. */ /* ------------------------------------------------------------------------ */ ! static int fr_natgetsz(data, getlock) caddr_t data; + int getlock; { ap_session_t *aps; nat_t *nat, *n; *************** *** 1209,1214 **** --- 1201,1210 ---- if (BCOPYIN(data, &ng, sizeof(ng)) != 0) return EFAULT; + if (getlock) { + READ_ENTER(&ipf_nat); + } + nat = ng.ng_ptr; if (!nat) { nat = nat_instances; *************** *** 1217,1222 **** --- 1213,1221 ---- * Empty list so the size returned is 0. Simple. */ if (nat == NULL) { + if (getlock) { + RWLOCK_EXIT(&ipf_nat); + } if (BCOPYOUT(&ng, data, sizeof(ng)) != 0) return EFAULT; return 0; *************** *** 1230,1237 **** for (n = nat_instances; n; n = n->nat_next) if (n == nat) break; ! if (!n) return ESRCH; } /* --- 1229,1240 ---- for (n = nat_instances; n; n = n->nat_next) if (n == nat) break; ! if (n == NULL) { ! if (getlock) { ! RWLOCK_EXIT(&ipf_nat); ! } return ESRCH; + } } /* *************** *** 1244,1249 **** --- 1247,1255 ---- if (aps->aps_data != 0) ng.ng_sz += aps->aps_psiz; } + if (getlock) { + RWLOCK_EXIT(&ipf_nat); + } if (BCOPYOUT(&ng, data, sizeof(ng)) != 0) return EFAULT; *************** *** 1261,1268 **** /* Copies out NAT entry to user space. Any additional data held for a */ /* proxy is also copied, as to is the NAT rule which was responsible for it */ /* ------------------------------------------------------------------------ */ ! static int fr_natgetent(data) caddr_t data; { int error, outsize; ap_session_t *aps; --- 1267,1275 ---- /* Copies out NAT entry to user space. Any additional data held for a */ /* proxy is also copied, as to is the NAT rule which was responsible for it */ /* ------------------------------------------------------------------------ */ ! static int fr_natgetent(data, getlock) caddr_t data; + int getlock; { int error, outsize; ap_session_t *aps; *************** *** 1280,1285 **** --- 1287,1296 ---- if (ipn == NULL) return ENOMEM; + if (getlock) { + READ_ENTER(&ipf_nat); + } + ipn->ipn_dsize = ipns.ipn_dsize; nat = ipns.ipn_next; if (nat == NULL) { *************** *** 1350,1359 **** --- 1361,1377 ---- error = ENOBUFS; } if (error == 0) { + if (getlock) { + RWLOCK_EXIT(&ipf_nat); + getlock = 0; + } error = fr_outobjsz(data, ipn, IPFOBJ_NATSAVE, ipns.ipn_dsize); } finished: + if (getlock) { + RWLOCK_EXIT(&ipf_nat); + } if (ipn != NULL) { KFREES(ipn, ipns.ipn_dsize); } diff -cr ip_fil4.1.28/ip_pool.c ip_fil4.1.28a/ip_pool.c *** ip_fil4.1.28/ip_pool.c Wed Oct 10 02:45:37 2007 --- ip_fil4.1.28a/ip_pool.c Wed Oct 24 19:59:13 2007 *************** *** 977,989 **** { RADIX_NODE_HEAD_LOCK(rnh); (*rnh->rnh_walktree)(rnh, rn_freenode, rnh); rnh->rnh_addaddr = NULL; rnh->rnh_deladdr = NULL; rnh->rnh_matchaddr = NULL; rnh->rnh_lookup = NULL; - rnh->rnh_walktree = NULL; RADIX_NODE_HEAD_UNLOCK(rnh); Free(rnh); --- 977,992 ---- { RADIX_NODE_HEAD_LOCK(rnh); + # if defined(__NetBSD_Version__) && (__NetBSD_Version__ > 499003300) + rn_walktree(rnh, rn_freenode, rnh); + # else (*rnh->rnh_walktree)(rnh, rn_freenode, rnh); + # endif rnh->rnh_addaddr = NULL; rnh->rnh_deladdr = NULL; rnh->rnh_matchaddr = NULL; rnh->rnh_lookup = NULL; RADIX_NODE_HEAD_UNLOCK(rnh); Free(rnh); Only in ip_fil4.1.28a: ip_rules.h diff -cr ip_fil4.1.28/ip_state.c ip_fil4.1.28a/ip_state.c *** ip_fil4.1.28/ip_state.c Tue Oct 16 02:33:23 2007 --- ip_fil4.1.28a/ip_state.c Sat Oct 20 22:47:57 2007 *************** *** 653,662 **** --- 653,664 ---- if (error != 0) return error; + READ_ENTER(&ipf_state); isn = ips.ips_next; if (isn == NULL) { isn = ips_list; if (isn == NULL) { + RWLOCK_EXIT(&ipf_state); if (ips.ips_next == NULL) return ENOENT; return 0; *************** *** 670,677 **** for (is = ips_list; is; is = is->is_next) if (is == isn) break; ! if (!is) return ESRCH; } ips.ips_next = isn->is_next; bcopy((char *)isn, (char *)&ips.ips_is, sizeof(ips.ips_is)); --- 672,681 ---- for (is = ips_list; is; is = is->is_next) if (is == isn) break; ! if (is == NULL) { ! RWLOCK_EXIT(&ipf_state); return ESRCH; + } } ips.ips_next = isn->is_next; bcopy((char *)isn, (char *)&ips.ips_is, sizeof(ips.ips_is)); *************** *** 679,684 **** --- 683,689 ---- if (isn->is_rule != NULL) bcopy((char *)isn->is_rule, (char *)&ips.ips_fr, sizeof(ips.ips_fr)); + RWLOCK_EXIT(&ipf_state); error = fr_outobj(data, &ips, IPFOBJ_STATESAVE); return error; } Only in ip_fil4.1.28a: ipf Only in ip_fil4.1.28a: ipftest Only in ip_fil4.1.28a: ipmon Only in ip_fil4.1.28a: ipnat Only in ip_fil4.1.28a: ippool Only in ip_fil4.1.28a: ipscan Only in ip_fil4.1.28a: ipsyncm Only in ip_fil4.1.28a: ipsyncs diff -cr ip_fil4.1.28/lib/getproto.c ip_fil4.1.28a/lib/getproto.c *** ip_fil4.1.28/lib/getproto.c Fri Jun 16 10:21:00 2006 --- ip_fil4.1.28a/lib/getproto.c Sat Oct 20 22:59:02 2007 *************** *** 23,32 **** #ifdef _AIX51 /* * For some bogus reason, "ip" is 252 in /etc/protocols on AIX 5 */ if (!strcasecmp(name, "ip")) return 0; - #endif p = getprotobyname(name); if (p != NULL) --- 23,35 ---- #ifdef _AIX51 /* * For some bogus reason, "ip" is 252 in /etc/protocols on AIX 5 + * The IANA has doubled up on the definition of 0 - it is now also + * used for IPv6 hop-opts, so we can no longer rely on /etc/protocols + * providing the correct name->number mapping */ + #endif if (!strcasecmp(name, "ip")) return 0; p = getprotobyname(name); if (p != NULL) diff -cr ip_fil4.1.28/lib/printproto.c ip_fil4.1.28a/lib/printproto.c *** ip_fil4.1.28/lib/printproto.c Fri Jun 16 10:21:14 2006 --- ip_fil4.1.28a/lib/printproto.c Sat Oct 20 22:59:49 2007 *************** *** 29,38 **** #ifdef _AIX51 /* * To make up for "ip = 252" and "hopopt = 0" in /etc/protocols */ else if (np->in_p == 0) printf("ip"); - #endif else if (pr != NULL) printf("%s", pr->p_name); else --- 29,41 ---- #ifdef _AIX51 /* * To make up for "ip = 252" and "hopopt = 0" in /etc/protocols + * The IANA has doubled up on the definition of 0 - it is now + * also used for IPv6 hop-opts, so we can no longer rely on + * /etc/protocols providing the correct name->number mapping */ + #endif else if (np->in_p == 0) printf("ip"); else if (pr != NULL) printf("%s", pr->p_name); else Only in ip_fil4.1.28a/net: done Only in ip_fil4.1.28a/net: radix_ipf.h Only in ip_fil4.1.28a/netinet: bpf-ipf.h Only in ip_fil4.1.28a/netinet: done Only in ip_fil4.1.28a/netinet: ip_auth.h Only in ip_fil4.1.28a/netinet: ip_compat.h Only in ip_fil4.1.28a/netinet: ip_fil.h Only in ip_fil4.1.28a/netinet: ip_frag.h Only in ip_fil4.1.28a/netinet: ip_ftp_pxy.c Only in ip_fil4.1.28a/netinet: ip_h323_pxy.c Only in ip_fil4.1.28a/netinet: ip_htable.h Only in ip_fil4.1.28a/netinet: ip_ipsec_pxy.c Only in ip_fil4.1.28a/netinet: ip_irc_pxy.c Only in ip_fil4.1.28a/netinet: ip_lookup.h Only in ip_fil4.1.28a/netinet: ip_nat.h Only in ip_fil4.1.28a/netinet: ip_netbios_pxy.c Only in ip_fil4.1.28a/netinet: ip_pool.h Only in ip_fil4.1.28a/netinet: ip_pptp_pxy.c Only in ip_fil4.1.28a/netinet: ip_proxy.h Only in ip_fil4.1.28a/netinet: ip_raudio_pxy.c Only in ip_fil4.1.28a/netinet: ip_rcmd_pxy.c Only in ip_fil4.1.28a/netinet: ip_rpcb_pxy.c Only in ip_fil4.1.28a/netinet: ip_rules.h Only in ip_fil4.1.28a/netinet: ip_scan.h Only in ip_fil4.1.28a/netinet: ip_state.h Only in ip_fil4.1.28a/netinet: ip_sync.h Only in ip_fil4.1.28a/netinet: ipf.h Only in ip_fil4.1.28a/netinet: ipl.h Only in ip_fil4.1.28a/netinet: ipmon.h Only in ip_fil4.1.28a/netinet: ipt.h Only in ip_fil4.1.28a/netinet: kmem.h Only in ip_fil4.1.28a/netinet: linux.h Only in ip_fil4.1.28a/netinet: md5.h Only in ip_fil4.1.28a/netinet: opts.h Only in ip_fil4.1.28a/netinet: pcap-ipf.h Only in ip_fil4.1.28a/netinet: radix_ipf.h Only in ip_fil4.1.28a/netinet: snoop.h Only in ip_fil4.1.28a/netinet: tcpip.h Only in ip_fil4.1.28a/test/expected: i19 Only in ip_fil4.1.28a/test: f1 Only in ip_fil4.1.28a/test: f10 Only in ip_fil4.1.28a/test: f11 Only in ip_fil4.1.28a/test: f12 Only in ip_fil4.1.28a/test: f13 Only in ip_fil4.1.28a/test: f14 Only in ip_fil4.1.28a/test: f15 Only in ip_fil4.1.28a/test: f16 Only in ip_fil4.1.28a/test: f17 Only in ip_fil4.1.28a/test: f18 Only in ip_fil4.1.28a/test: f19 Only in ip_fil4.1.28a/test: f2 Only in ip_fil4.1.28a/test: f20 Only in ip_fil4.1.28a/test: f24 Only in ip_fil4.1.28a/test: f3 Only in ip_fil4.1.28a/test: f4 Only in ip_fil4.1.28a/test: f5 Only in ip_fil4.1.28a/test: f6 Only in ip_fil4.1.28a/test: f7 Only in ip_fil4.1.28a/test: f8 Only in ip_fil4.1.28a/test: f9 Only in ip_fil4.1.28a/test: i1 Only in ip_fil4.1.28a/test: i10 Only in ip_fil4.1.28a/test: i11 Only in ip_fil4.1.28a/test: i12 Only in ip_fil4.1.28a/test: i13 Only in ip_fil4.1.28a/test: i14 Only in ip_fil4.1.28a/test: i15 Only in ip_fil4.1.28a/test: i16 Only in ip_fil4.1.28a/test: i17 Only in ip_fil4.1.28a/test: i18 Only in ip_fil4.1.28a/test: i19 Only in ip_fil4.1.28a/test: i2 Only in ip_fil4.1.28a/test: i20 Only in ip_fil4.1.28a/test: i21 Only in ip_fil4.1.28a/test: i3 Only in ip_fil4.1.28a/test: i4 Only in ip_fil4.1.28a/test: i5 Only in ip_fil4.1.28a/test: i6 Only in ip_fil4.1.28a/test: i7 Only in ip_fil4.1.28a/test: i8 Only in ip_fil4.1.28a/test: i9 Only in ip_fil4.1.28a/test: in1 Only in ip_fil4.1.28a/test: in2 Only in ip_fil4.1.28a/test: in3 Only in ip_fil4.1.28a/test: in4 Only in ip_fil4.1.28a/test: in5 Only in ip_fil4.1.28a/test: in6 diff -cr ip_fil4.1.28/test/input/n9 ip_fil4.1.28a/test/input/n9 *** ip_fil4.1.28/test/input/n9 Mon May 17 08:46:32 2004 --- ip_fil4.1.28a/test/input/n9 Sat Oct 20 22:56:06 2007 *************** *** 1,5 **** #v tos len id off ttl p sum src dst ! # ICMP ECHO (ping) exchange [in,icmp0] 4500 0054 8bc1 0000 ff01 23dc 0202 0202 0404 0404 0800 efdf 6220 0000 3f6f 6e80 000b 0d02 0809 0a0b 0c0d 0e0f 1011 1213 1415 --- 1,5 ---- #v tos len id off ttl p sum src dst ! # ICMP ECHO (ping) exchange - #1 [in,icmp0] 4500 0054 8bc1 0000 ff01 23dc 0202 0202 0404 0404 0800 efdf 6220 0000 3f6f 6e80 000b 0d02 0809 0a0b 0c0d 0e0f 1011 1213 1415 *************** *** 7,12 **** --- 7,13 ---- 2627 2829 2a2b 2c2d 2e2f 3031 3233 3435 3637 + # - #2 [out,icmp0] 4500 0054 3fd5 4000 ff01 23c5 0a0a 0a01 0202 0202 0000 f7df 6220 0000 3f6f 6e80 000b 0d02 0809 0a0b 0c0d 0e0f 1011 1213 1415 *************** *** 14,19 **** --- 15,21 ---- 2627 2829 2a2b 2c2d 2e2f 3031 3233 3435 3637 + # - #3 [in,icmp0] 4500 0054 8bc1 0000 ff01 23dc 0202 0202 0404 0404 0800 efde 6220 0001 3f6f 6e80 000b 0d02 0809 0a0b 0c0d 0e0f 1011 1213 1415 *************** *** 21,26 **** --- 23,29 ---- 2627 2829 2a2b 2c2d 2e2f 3031 3233 3435 3637 + # - #4 [out,icmp0] 4500 0054 3fd5 4000 ff01 23c5 0a0a 0a01 0202 0202 0000 f7de 6220 0001 3f6f 6e80 000b 0d02 0809 0a0b 0c0d 0e0f 1011 1213 1415 Only in ip_fil4.1.28a/test: ip1 Only in ip_fil4.1.28a/test: ip2 Only in ip_fil4.1.28a/test: ipf5 Only in ip_fil4.1.28a/test: ipv6.1 Only in ip_fil4.1.28a/test: ipv6.2 Only in ip_fil4.1.28a/test: ipv6.3 Only in ip_fil4.1.28a/test: ipv6.5 Only in ip_fil4.1.28a/test: ipv6.6 Only in ip_fil4.1.28a/test: l1 Only in ip_fil4.1.28a/test: n1 Only in ip_fil4.1.28a/test: n10 Only in ip_fil4.1.28a/test: n11 Only in ip_fil4.1.28a/test: n12 Only in ip_fil4.1.28a/test: n13 Only in ip_fil4.1.28a/test: n14 Only in ip_fil4.1.28a/test: n16 Only in ip_fil4.1.28a/test: n2 Only in ip_fil4.1.28a/test: n3 Only in ip_fil4.1.28a/test: n4 Only in ip_fil4.1.28a/test: n5 Only in ip_fil4.1.28a/test: n6 Only in ip_fil4.1.28a/test: n7 Only in ip_fil4.1.28a/test: n8 Only in ip_fil4.1.28a/test: n9 Only in ip_fil4.1.28a/test: ni1 Only in ip_fil4.1.28a/test: ni10 Only in ip_fil4.1.28a/test: ni11 Only in ip_fil4.1.28a/test: ni12 Only in ip_fil4.1.28a/test: ni13 Only in ip_fil4.1.28a/test: ni14 Only in ip_fil4.1.28a/test: ni15 Only in ip_fil4.1.28a/test: ni16 Only in ip_fil4.1.28a/test: ni19 Only in ip_fil4.1.28a/test: ni2 Only in ip_fil4.1.28a/test: ni20 Only in ip_fil4.1.28a/test: ni21 Only in ip_fil4.1.28a/test: ni23 Only in ip_fil4.1.28a/test: ni3 Only in ip_fil4.1.28a/test: ni4 Only in ip_fil4.1.28a/test: ni5 Only in ip_fil4.1.28a/test: ni6 Only in ip_fil4.1.28a/test: ni7 Only in ip_fil4.1.28a/test: ni8 Only in ip_fil4.1.28a/test: ni9 Only in ip_fil4.1.28a/test: p1 Only in ip_fil4.1.28a/test: p2 Only in ip_fil4.1.28a/test: p3 Only in ip_fil4.1.28a/test: p5 Only in ip_fil4.1.28a/test: results diff -cr ip_fil4.1.28/tools/ipmon.c ip_fil4.1.28a/tools/ipmon.c *** ip_fil4.1.28/tools/ipmon.c Thu Sep 20 05:51:56 2007 --- ip_fil4.1.28a/tools/ipmon.c Sat Oct 20 23:02:04 2007 *************** *** 419,430 **** p->p_name != NULL && protocols[p->p_proto] == NULL) protocols[p->p_proto] = strdup(p->p_name); endprotoent(); - #if defined(_AIX51) if (protocols[0]) free(protocols[0]); if (protocols[252]) free(protocols[252]); - protocols[0] = "ip"; protocols[252] = NULL; #endif } --- 419,430 ---- p->p_name != NULL && protocols[p->p_proto] == NULL) protocols[p->p_proto] = strdup(p->p_name); endprotoent(); if (protocols[0]) free(protocols[0]); + protocols[0] = strdup("ip"); + #if defined(_AIX51) if (protocols[252]) free(protocols[252]); protocols[252] = NULL; #endif }Received on Thu Oct 25 2007 - 01:37:17 UTC
This archive was generated by hypermail 2.4.0 : Wed May 19 2021 - 11:39:20 UTC