Attachment 205341 Details for Bug 238796 – Updated patch

[patch] Updated patch

PR238796.diff (text/plain), 3.31 KB, created by Cy Schubert on 2019-06-26 05:15:44 UTC

(hide)

Description:

Filename:

MIME Type:

Creator: Cy Schubert

Created: 2019-06-26 05:15:44 UTC

Size: 3.31 KB

patch

obsolete

>diff --git a/sys/contrib/ipfilter/netinet/fil.c b/sys/contrib/ipfilter/netinet/fil.c
>index 1d142165c34..e0f90e7e2eb 100644
>--- a/sys/contrib/ipfilter/netinet/fil.c
>+++ b/sys/contrib/ipfilter/netinet/fil.c
>@@ -4411,6 +4411,35 @@ ipf_matchicmpqueryreply(v, ic, icmp, rev)
> 	return 0;
> }
> 
>+static inline int
>+ipf_ifnames_compare(const int *ifnames1, const int *ifnames2,
>+	const char *base1, const char *base2)
>+{
>+	int i;
>+
>+	for(i = 0; i < 4; i++) {
>+		if ((ifnames1[i] != -1 && ifnames2[i] == -1) ||
>+		   (ifnames1[i] == -1 && ifnames2[i] != -1) ||
>+		   (ifnames1[i] == -1 && ifnames2[i] == -1 &&
>+		    strcmp(base1 + ifnames1[i], base2 + ifnames2[i])))
>+			return(1);
>+	}
>+	return(0);
>+}
>+
>+static inline int
>+ipf_dest_compare(const frdest_t *d1, const frdest_t *d2,
>+	const char *base1, const char *base2)
>+{
>+	if (d1->fd_addr != d2->fd_addr || d1->fd_type != d2->fd_type ||
>+	   (d1->fd_name != -1 && d2->fd_name == -1) ||
>+	   (d1->fd_name == -1 && d2->fd_name != -1) ||
>+	   (d1->fd_name != -1 && d2->fd_name != -1 &&
>+	    d1->fd_type == FRD_NORMAL &&
>+	    strcmp(base1 + d1->fd_name, base2 + d2->fd_name)))
>+		return(1);
>+	return(0);
>+}
> 
> /* ------------------------------------------------------------------------ */
> /* Function:    ipf_rule_compare                                            */
>@@ -4430,8 +4459,25 @@ ipf_rule_compare(frentry_t *fr1, frentry_t *fr2)
> 		return 2;
> 	if (fr1->fr_dsize != fr2->fr_dsize)
> 		return 3;
>-	if (bcmp((char *)&fr1->fr_func, (char *)&fr2->fr_func,
>-		 fr1->fr_size - offsetof(struct frentry, fr_func)) != 0)
>+	if (memcmp(&fr1->fr_func, &fr2->fr_func,
>+	    offsetof(struct frentry, fr_ifnames) -
>+	    offsetof(struct frentry, fr_func)) != 0)
>+		return 4;
>+	if (ipf_ifnames_compare(fr1->fr_ifnames, fr2->fr_ifnames,
>+	    fr1->fr_names, fr2->fr_names))
>+		return 4;
>+	if (memcmp(&fr1->fr_func, &fr2->fr_func,
>+	    offsetof(struct frentry, fr_tifs) -
>+	    offsetof(struct frentry, fr_isctag)) != 0)
>+		return 4;
>+	if (ipf_dest_compare(&fr1->fr_tifs[0], &fr2->fr_tifs[0],
>+	    fr1->fr_names, fr2->fr_names))
>+		return 4;
>+	if (ipf_dest_compare(&fr1->fr_tifs[1], &fr2->fr_tifs[1],
>+	    fr1->fr_names, fr2->fr_names))
>+		return 4;
>+	if (ipf_dest_compare(&fr1->fr_dif, &fr2->fr_dif,
>+	    fr1->fr_names, fr2->fr_names))
> 		return 4;
> 	if (fr1->fr_data && !fr2->fr_data)
> 		return 5;
>@@ -4914,11 +4960,26 @@ frrequest(softc, unit, req, data, set, makecopy)
> 	 * the constant part of the filter rule to make comparisons quicker
> 	 * (this meaning no pointers are included).
> 	 */
>-	for (fp->fr_cksum = 0, p = (u_int *)&fp->fr_func, pp = &fp->fr_cksum;
>+	fp->fr_cksum = 0;
>+	for (p = (u_int *)&fp->fr_func, pp = (u_int *)fp->fr_ifnames;
>+	     p < pp; p++)
>+		fp->fr_cksum += *p;
>+	for (p = (u_int *)&fp->fr_isctag, pp = (u_int *)fp->fr_tifs;
> 	     p < pp; p++)
> 		fp->fr_cksum += *p;
>-	pp = (u_int *)(fp->fr_caddr + fp->fr_dsize);
>-	for (p = (u_int *)fp->fr_data; p < pp; p++)
>+	{
>+		int i;
>+		for (i = 0; i <= 1; i++)
>+			for (p = (u_int *)&fp->fr_tifs[i].fd_addr,
>+			     pp = (u_int *)&fp->fr_tifs[i].fd_name;
>+				p < pp; p++)
>+					fp->fr_cksum += *p;
>+	}
>+	for (p = (u_int *)&fp->fr_dif.fd_addr, pp = (u_int *)&fp->fr_dif.fd_name;
>+	     p < pp; p++)
>+		fp->fr_cksum += *p;
>+	for (p = (u_int *)fp->fr_data, pp = (u_int *)(fp->fr_caddr + fp->fr_dsize);
>+	     p < pp; p++)
> 		fp->fr_cksum += *p;
> 
> 	WRITE_ENTER(&softc->ipf_mutex);

Actions: View | Diff

Attachments on bug 238796: 205322 | 205341 | 205744 | 205808 | 205851 | 206344 | 206385