From owner-svn-src-head@FreeBSD.ORG  Wed Jun 10 14:53:42 2015
Return-Path: <owner-svn-src-head@FreeBSD.ORG>
Delivered-To: svn-src-head@freebsd.org
Received: from mx1.freebsd.org (mx1.freebsd.org
 [IPv6:2001:1900:2254:206a::19:1])
 (using TLSv1.2 with cipher AECDH-AES256-SHA (256/256 bits))
 (No client certificate requested)
 by hub.freebsd.org (Postfix) with ESMTPS id 0ECBB246
 for <svn-src-head@freebsd.org>; Wed, 10 Jun 2015 14:53:42 +0000 (UTC)
 (envelope-from oliver.pinter@hardenedbsd.org)
Received: from mail-wi0-f179.google.com (mail-wi0-f179.google.com
 [209.85.212.179])
 (using TLSv1.2 with cipher ECDHE-RSA-AES128-GCM-SHA256 (128/128 bits))
 (Client CN "smtp.gmail.com",
 Issuer "Google Internet Authority G2" (verified OK))
 by mx1.freebsd.org (Postfix) with ESMTPS id A35A11C2F
 for <svn-src-head@freebsd.org>; Wed, 10 Jun 2015 14:53:41 +0000 (UTC)
 (envelope-from oliver.pinter@hardenedbsd.org)
Received: by wiwd19 with SMTP id d19so51154064wiw.0
 for <svn-src-head@freebsd.org>; Wed, 10 Jun 2015 07:53:33 -0700 (PDT)
X-Google-DKIM-Signature: v=1; a=rsa-sha256; c=relaxed/relaxed;
 d=1e100.net; s=20130820;
 h=x-gm-message-state:mime-version:in-reply-to:references:date
 :message-id:subject:from:to:cc:content-type;
 bh=4tUAkqzL962HxMbtk4+s6/85VLLnK/98cDYSHjaZTr4=;
 b=CQv3ynJ2rvarIyhvA5sp4xP1cVtYz2ivJKogXMIRvXQGM2e2iwI1/mbCAN/8ihjI3q
 xhQH63OVRyFAYHORu7EQ53UruAD1zeaayEuRD0raaHyHNQVUPsZWHXz+AjWvbyTmY2Ag
 vYijhGMjASuMHIJKA+ypi+JZn2qlkS/oeurXNS1S7cRBscglfI3ksxxy+e+N5OOQjLjO
 Ym0zGa2XhrPiSaHZ7smTgJVuwTv6DQA5TjroYsypeajBwqcLoqs+hTE/OqB9YJXd5DYB
 DrcT3TjUcUjGP7qJWeUez+urtfhv8ixAsXAs6+WRK929wXIZ5z6CV9SMBQriRVDxfbZb
 aTOA==
X-Gm-Message-State: ALoCoQlt+UGPZ1fK3+AXr/yLB2KyAvBMa4XruX4kUj969m0hWsIa3XIavYYUM7Etw/1ATsf+p87a
MIME-Version: 1.0
X-Received: by 10.180.7.199 with SMTP id l7mr9480694wia.28.1433948013662; Wed,
 10 Jun 2015 07:53:33 -0700 (PDT)
Received: by 10.194.162.225 with HTTP; Wed, 10 Jun 2015 07:53:33 -0700 (PDT)
In-Reply-To: <201506101344.t5ADi4fk023661@svn.freebsd.org>
References: <201506101344.t5ADi4fk023661@svn.freebsd.org>
Date: Wed, 10 Jun 2015 16:53:33 +0200
Message-ID: <CAPQ4ffur1oOip1Zbz7-kJC=cUCgLvvku3iOB-gNp66frGT2NfA@mail.gmail.com>
Subject: Re: svn commit: r284222 - head/sys/netpfil/pf
From: Oliver Pinter <oliver.pinter@hardenedbsd.org>
To: Kristof Provost <kp@freebsd.org>
Cc: src-committers@freebsd.org, svn-src-all@freebsd.org, 
 svn-src-head@freebsd.org
Content-Type: text/plain; charset=UTF-8
X-BeenThere: svn-src-head@freebsd.org
X-Mailman-Version: 2.1.20
Precedence: list
List-Id: SVN commit messages for the src tree for head/-current
 <svn-src-head.freebsd.org>
List-Unsubscribe: <http://lists.freebsd.org/mailman/options/svn-src-head>,
 <mailto:svn-src-head-request@freebsd.org?subject=unsubscribe>
List-Archive: <http://lists.freebsd.org/pipermail/svn-src-head/>
List-Post: <mailto:svn-src-head@freebsd.org>
List-Help: <mailto:svn-src-head-request@freebsd.org?subject=help>
List-Subscribe: <http://lists.freebsd.org/mailman/listinfo/svn-src-head>,
 <mailto:svn-src-head-request@freebsd.org?subject=subscribe>
X-List-Received-Date: Wed, 10 Jun 2015 14:53:42 -0000

On 6/10/15, Kristof Provost <kp@freebsd.org> wrote:
> Author: kp
> Date: Wed Jun 10 13:44:04 2015
> New Revision: 284222
> URL: https://svnweb.freebsd.org/changeset/base/284222
>
> Log:
>   pf: address family must be set when creating a pf_fragment
>
>   Fix a panic when handling fragmented ip4 packets with 'drop-ovl' set.
>   In that scenario we take a different branch in pf_normalize_ip(), taking
> us to
>   pf_fragcache() (rather than pf_reassemble()). In pf_fragcache() we create
> a
>   pf_fragment, but do not set the address family. This leads to a panic when
> we
>   try to insert that into pf_frag_tree because pf_addr_cmp(), which is used
> to
>   compare the pf_fragments doesn't know what to do if the address family is
> not
>   set.
>
>   Simply ensure that the address family is set correctly (always AF_INET in
> this
>   path).
>
>   PR:			200330
>   Differential Revision:	https://reviews.freebsd.org/D2769
>   Approved by:		philip (mentor), gnn (mentor)
>
> Modified:
>   head/sys/netpfil/pf/pf_norm.c

This commit required to 10-STABLE too or this bug exists only in
11-CURRENT? If the former, you have any plan to MFC the patch?

>
> Modified: head/sys/netpfil/pf/pf_norm.c
> ==============================================================================
> --- head/sys/netpfil/pf/pf_norm.c	Wed Jun 10 13:17:41 2015	(r284221)
> +++ head/sys/netpfil/pf/pf_norm.c	Wed Jun 10 13:44:04 2015	(r284222)
> @@ -823,6 +823,7 @@ pf_fragcache(struct mbuf **m0, struct ip
>  		(*frag)->fr_max = 0;
>  		(*frag)->fr_src.v4 = h->ip_src;
>  		(*frag)->fr_dst.v4 = h->ip_dst;
> +		(*frag)->fr_af = AF_INET;
>  		(*frag)->fr_id = h->ip_id;
>  		(*frag)->fr_timeout = time_uptime;
>
> _______________________________________________
> svn-src-head@freebsd.org mailing list
> http://lists.freebsd.org/mailman/listinfo/svn-src-head
> To unsubscribe, send any mail to "svn-src-head-unsubscribe@freebsd.org"
>