From babd3f94a455b218d2edf5713fe35d9acffd4b14 Mon Sep 17 00:00:00 2001 From: cy Date: Fri, 11 Sep 2015 16:49:52 +0000 Subject: Fix ipfilter bug 3600459 NAT bucket count wrong. Obtained from: ipfilter cvs repo r1.48.2.25 MFC after: 2 weeks --- sys/contrib/ipfilter/netinet/ip_fil_freebsd.c | 12 ++++++++++++ sys/contrib/ipfilter/netinet/ip_state.c | 3 ++- 2 files changed, 14 insertions(+), 1 deletion(-) (limited to 'sys/contrib') diff --git a/sys/contrib/ipfilter/netinet/ip_fil_freebsd.c b/sys/contrib/ipfilter/netinet/ip_fil_freebsd.c index 93ea572..72f67d7 100644 --- a/sys/contrib/ipfilter/netinet/ip_fil_freebsd.c +++ b/sys/contrib/ipfilter/netinet/ip_fil_freebsd.c @@ -1104,6 +1104,18 @@ ipf_checkv4sum(fin) return -1; } if (m->m_pkthdr.csum_flags & CSUM_DATA_VALID) { + /* UDP may have zero checksum */ + if (fin->fin_p == IPPROTO_UDP && (fin->fin_flx & (FI_FRAG|FI_SHORT|FI_BAD)) == 0) { + udphdr_t *udp = fin->fin_dp; + if (udp->uh_sum == 0) { + /* we're good no matter what the hardware checksum flags + and csum_data say (handling of csum_data for zero UDP + checksum is not consistent across all drivers) */ + fin->fin_cksum = 1; + return 0; + } + } + if (m->m_pkthdr.csum_flags & CSUM_PSEUDO_HDR) sum = m->m_pkthdr.csum_data; else diff --git a/sys/contrib/ipfilter/netinet/ip_state.c b/sys/contrib/ipfilter/netinet/ip_state.c index ad2bf38..a3930ea 100644 --- a/sys/contrib/ipfilter/netinet/ip_state.c +++ b/sys/contrib/ipfilter/netinet/ip_state.c @@ -3646,7 +3646,8 @@ ipf_state_del(softc, is, why) is->is_me = NULL; is->is_ref--; } - if (is->is_ref > 1) { + is->is_ref--; + if (is->is_ref > 0) { int refs; is->is_ref--; -- cgit v1.1