jimzah/freebsd-src
1
0
Fork 0
mirror of https://github.com/freebsd/freebsd-src.git synced 2024-11-26 20:12:44 +00:00
Code Issues Actions 2 Packages Projects Releases Wiki Activity
247,087 Commits 78 Branches 139 Tags 3.5 GiB
C 59.5%
C++ 26.7%
Roff 4.9%
Shell 2.9%
Assembly 1.7%
Other 3.8%
stable/12
Go to file
Eugene Grosbein 41efd8eef3 libalias: fix subtle racy problem in outside-inside forwarding 
sys/netinet/libalias/alias_db.c has internal static function UseLink()
that passes a link to CleanupLink() to verify if the link has expired.
If so, UseLink() may return NULL.

_FindLinkIn()'s usage of UseLink() is not quite correct.

Assume there is "redirect_port udp" configured to forward incoming
traffic for specific port to some internal address.
Such a rule creates partially specified permanent link.

After first such incoming packet libalias creates new fully specified
temporary LINK_UDP with default timeout of 60 seconds.
Also, in case of low traffic libalias may assign "timestamp"
for this new temporary link way in the past because
LibAliasTime is updated seldom and can keep old value
for tens of seconds, and it will be used for the temporary link.

It may happen that next incoming packet for redirected port
passed to _FindLinkIn() results in a call to UseLink()
that returns NULL due to detected expiration.
Immediate return of NULL results in broken translation:
either a packet is dropped (deny_incoming mode) or delivered to
original destination address instead of internal one.

Fix it with additional check for NULL to proceed with a search
for original partially specified link. In case of UDP,
it also recreates temporary fully specified link
with a call to ReLink().

Practical examples are "redirect_port udp" rules for unidirectional
SYSLOG protocol (port 514) or some low volume VPN encapsulated in UDP.

Thanks to Peter Much for initial analysis and first version of a patch.

Reported by:	Peter Much <pmc@citylink.dinoex.sub.org>
PR:		269770

(cherry picked from commit 8132e95909)
(cherry picked from commit e5b8538083)
2024-08-25 13:47:32 +07:00
bin Revert "df: remove the unused fstype var" 2023-03-21 19:55:00 -07:00
cddl Fix zfsd with the device_removal pool feature. 2023-09-21 16:26:29 -06:00
contrib Fix snprintf truncation in telnet 2023-12-24 15:01:35 +01:00
crypto openssh: Fix pre-authentication remote code execution in sshd. 2024-07-01 09:25:49 -04:00
etc MFC: Remove confDH_PARAMETERS settings in favor of using sendmail's 2023-10-17 19:48:22 +00:00
gnu Revert "Do a sweep and remove most WARNS=6 settings" 2021-08-29 15:28:30 +02:00
include libc/libc/rpc: refactor some global variables 2023-12-01 14:15:45 -07:00
kerberos5 heimdal: Do not build a redundant source file 2023-04-08 20:53:05 -07:00
lib msun: remove fabs from Symbol.map, and adjust comment 2024-01-30 18:52:55 +01:00
libexec rc.conf: correct $ntp_leapfile_sources 2023-12-16 10:34:43 +08:00
release release: remove inet blackhole sysctls from GCE config 2023-09-09 11:16:18 -04:00
rescue Include bsd.linker.mk to get LINKER_TYPE and VERSION in rescue 2023-04-29 09:24:37 +02:00
sbin camcontrol.8: Fix a typo in the manual page 2024-06-19 06:18:25 +02:00
secure OpenSSL: Regen manual pages for OpenSSL 1.1.1w 2023-09-11 13:28:31 -04:00
share rc.conf(5): add <service>_umask to run the service using this value 2023-12-02 15:40:59 +07:00
stand stand: Remove a double word in a source code comment 2023-04-23 07:16:27 +02:00
sys libalias: fix subtle racy problem in outside-inside forwarding 2024-08-25 13:47:32 +07:00
targets Unify zlib instances into one. 2022-04-09 21:16:24 -07:00
tests pfsync tests: check for the correct IP address 2023-05-25 03:56:19 +02:00
tools mwlstats: Fix a typo in an error message 2024-04-25 08:17:58 +02:00
usr.bin switch groff parameter -man to -mandoc for new groff release 1.23.0 2023-09-25 17:33:15 +00:00
usr.sbin periodic/daily/480.leapfile-ntpd: only attempt to refresh leap-seconds.list 2023-12-05 23:55:17 -08:00
.arcconfig callsign isn't required anymore 2016-09-29 06:19:45 +00:00
.arclint arc lint: ignore /tests/ in chmod 2017-12-19 03:38:06 +00:00
.cirrus.yml Cirrus-CI: Use standard QEMU package 2022-08-28 23:53:21 -04:00
.gitattributes MFC r342793 - selectively disable ZFS without disabling loader 2019-03-20 15:34:40 +00:00
.gitignore add exuberant ctags tags file to gitignore 2022-01-11 15:26:49 +02:00
COPYRIGHT copyrights: Happy New Year 2021 2020-12-31 10:44:52 -05:00
LOCKS LOCKS: update current locks 2018-06-09 03:08:04 +00:00
MAINTAINERS MFC r361541, r362038, r364240 2020-09-10 20:46:16 +00:00
Makefile Partially MFC 7d0c2b1131, to enable MAKE_PARAMS per target_arch 2021-12-21 16:56:30 +01:00
Makefile.inc1 12.4: update stable/12 to -PRERELEASE to start the release cycle 2022-10-06 21:13:43 -04:00
Makefile.libcompat 12.4: update stable/12 to -PRERELEASE to start the release cycle 2022-10-06 21:13:43 -04:00
Makefile.sys.inc AUTO_OBJ: For all top-level targets enforce using an OBJDIR. 2017-12-05 21:29:47 +00:00
ObsoleteFiles.inc caroot: update the root bundle and regenerate with OpenSSL 3 2023-09-09 00:34:16 -05:00
README.md hier(7): remove text describing /usr/src layout 2022-12-05 12:53:00 -04:00
UPDATING UPDATING: Remove a double word in an entry 2022-04-14 08:38:55 +02:00

README.md

FreeBSD Source:

This is the top level of the FreeBSD source directory.

FreeBSD is an operating system used to power modern servers, desktops, and embedded platforms. A large community has continually developed it for more than thirty years. Its advanced networking, security, and storage features have made FreeBSD the platform of choice for many of the busiest web sites and most pervasive embedded networking and storage devices.

For copyright information, please see the file COPYRIGHT in this directory. Additional copyright information also exists for some sources in this tree - please see the specific source directories for more information.

The Makefile in this directory supports a number of targets for building components (or all) of the FreeBSD source tree. See build(7), config(8), FreeBSD handbook on building userland, and Handbook for kernels for more information, including setting make(1) variables.

Source Roadmap:

Directory Description
bin System/user commands.
cddl Various commands and libraries under the Common Development and Distribution License.
contrib Packages contributed by 3rd parties.
crypto Cryptography stuff (see crypto/README).
etc Template files for /etc.
gnu Commands and libraries under the GNU General Public License (GPL) or Lesser General Public License (LGPL). Please see gnu/COPYING and gnu/COPYING.LIB for more information.
include System include files.
kerberos5 Kerberos5 (Heimdal) package.
lib System libraries.
libexec System daemons.
release Release building Makefile & associated tools.
rescue Build system for statically linked /rescue utilities.
sbin System commands.
secure Cryptographic libraries and commands.
share Shared resources.
stand Boot loader sources.
sys Kernel sources (see sys/README.md).
targets Support for experimental DIRDEPS_BUILD
tests Regression tests which can be run by Kyua. See tests/README for additional information.
tools Utilities for regression testing and miscellaneous tasks.
usr.bin User commands.
usr.sbin System administration commands.

For information on synchronizing your source tree with one or more of the FreeBSD Project's development branches, please see FreeBSD Handbook.