author | mlaier <mlaier@FreeBSD.org> | 2005-09-08 14:59:36 +0000 |
---|---|---|
committer | mlaier <mlaier@FreeBSD.org> | 2005-09-08 14:59:36 +0000 |
commit | 608d90c70d6c8580e38e1235b6b5bdf0ee5f7d3f (patch) | |
tree | e561a31f16144bb610bf603fc2821c3d170dc0c8 /sys/contrib/pf/net/pf_ioctl.c | |
parent | a0d335db265c273703bfe7e7a78575f766921ee7 (diff) | |
Loopback four fixes from OpenBSD for problems reported to the freebsd-pf
mailing list onto the vendor branch:
pf_ioctl.c Revision 1.153 Sun Aug 7 11:37:33 2005 UTC by dhartmei
| verify ticket in DIOCADDADDR, from Boris Polevoy, ok deraadt@
pf_ioctl.c Revision 1.158 Mon Sep 5 14:51:08 2005 UTC by dhartmei
| in DIOCCHANGERULE, properly initialize table, if used in NAT rule.
| from Boris Polevoy <vapcom at mail dot ru>, ok mcbride@
pf.c Revision 1.502 Mon Aug 22 11:54:25 2005 UTC by dhartmei
| when nat'ing icmp 'connections', replace icmp id with proxy values
| (similar to proxy ports for tcp/udp). not all clients use
| per-invocation random ids, this allows multiple concurrent
| connections from such clients.
| thanks for testing to Rod Whitworth, "looks ok" markus@
pf.c Revision 1.501 Mon Aug 22 09:48:05 2005 UTC by dhartmei
| fix rdr to bitmask replacement address pool. patch from Max Laier,
| reported by Boris Polevoy, tested by Jean Debogue, ok henning@
Diffstat (limited to 'sys/contrib/pf/net/pf_ioctl.c')
-rw-r--r-- | sys/contrib/pf/net/pf_ioctl.c | 7 |
1 files changed, 7 insertions, 0 deletions
diff --git a/sys/contrib/pf/net/pf_ioctl.c b/sys/contrib/pf/net/pf_ioctl.c index f73c67b..d4cb3c7 100644 --- a/sys/contrib/pf/net/pf_ioctl.c +++ b/sys/contrib/pf/net/pf_ioctl.c @@ -1454,6 +1454,9 @@ pfioctl(dev_t dev, u_long cmd, caddr_t addr, int flags, struct proc *p) error = EINVAL; if (pf_anchor_setup(newrule, ruleset, pcr->anchor_call)) error = EINVAL; + TAILQ_FOREACH(pa, &pf_pabuf, entries) + if (pf_tbladdr_setup(ruleset, &pa->addr)) + error = EINVAL; if (newrule->overload_tblname[0]) { if ((newrule->overload_tbl = pfr_attach_table( @@ -2035,6 +2038,10 @@ pfioctl(dev_t dev, u_long cmd, caddr_t addr, int flags, struct proc *p) case DIOCADDADDR: { struct pfioc_pooladdr *pp = (struct pfioc_pooladdr *)addr; + if (pp->ticket != ticket_pabuf) { + error = EBUSY; + break; + } #ifndef INET if (pp->af == AF_INET) { error = EAFNOSUPPORT; |
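Review bot: in the first hunk (@@ -1454, the rule-change path), the new TAILQ_FOREACH over pf_pabuf has an unbraced body that itself contains an if, and it is immediately followed by the unrelated `if (newrule->overload_tblname[0])` block; please brace the loop body so its extent is unambiguous. The loop keeps iterating after the first pf_tbladdr_setup() failure, which matches the surrounding pattern of accumulating `error = EINVAL`, but it means the error path has to release whatever the successful iterations attached. That cleanup is outside the visible context and should be confirmed before merging.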
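Review bot: in the second hunk (@@ -2035, case DIOCADDADDR), the new ticket comparison has no comment saying what a mismatch means or why it maps to EBUSY rather than EINVAL; a one-line comment above `if (pp->ticket != ticket_pabuf)` would help the next reader. Placing the check ahead of the `#ifndef INET` address-family test is the right order, since a request carrying a stale ticket is rejected before any other field of pp is acted on. It is also worth checking that the other cases taking a struct pfioc_pooladdr compare the ticket in the same way, so that this is not the only guarded entry point.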