Date: Sun, 19 Aug 2018 13:45:03 +0000 (UTC) From: Cy Schubert <cy@FreeBSD.org> To: src-committers@freebsd.org, svn-src-all@freebsd.org, svn-src-head@freebsd.org Subject: svn commit: r338047 - head/sys/contrib/ipfilter/netinet Message-ID: <201808191345.w7JDj3Hs033346@repo.freebsd.org>
next in thread | raw e-mail | index | archive | help
Author: cy Date: Sun Aug 19 13:45:03 2018 New Revision: 338047 URL: https://svnweb.freebsd.org/changeset/base/338047 Log: The bucket index is subtracted by one at lines 2304 and 2314. When 0 it becomes -1, except these are unsigned integers, so they become very large numbers. Thus are always larger than the maximum bucket; the hash table insertion fails causing NAT to fail. This commit ensures that if the index is already zero it is not reduced prior to insertion into the hash table. PR: 208566 Modified: head/sys/contrib/ipfilter/netinet/ip_nat.c Modified: head/sys/contrib/ipfilter/netinet/ip_nat.c ============================================================================== --- head/sys/contrib/ipfilter/netinet/ip_nat.c Sun Aug 19 13:44:59 2018 (r338046) +++ head/sys/contrib/ipfilter/netinet/ip_nat.c Sun Aug 19 13:45:03 2018 (r338047) @@ -2304,14 +2304,16 @@ ipf_nat_delete(softc, nat, logtype) bkt = nat->nat_hv[0] % softn->ipf_nat_table_sz; nss = &softn->ipf_nat_stats.ns_side[0]; - nss->ns_bucketlen[bkt]--; + if (nss->ns_bucketlen[bkt] > 0) + nss->ns_bucketlen[bkt]--; if (nss->ns_bucketlen[bkt] == 0) { nss->ns_inuse--; } bkt = nat->nat_hv[1] % softn->ipf_nat_table_sz; nss = &softn->ipf_nat_stats.ns_side[1]; - nss->ns_bucketlen[bkt]--; + if (nss->ns_bucketlen[bkt] > 0) + nss->ns_bucketlen[bkt]--; if (nss->ns_bucketlen[bkt] == 0) { nss->ns_inuse--; }
Want to link to this message? Use this URL: <https://mail-archive.FreeBSD.org/cgi/mid.cgi?201808191345.w7JDj3Hs033346>