| #
344113 |
|
14-Feb-2019 |
cy |
MFC r343591:
Do not obtain an already held read lock. This causes a witness panic when
ipfs is invoked. This is the second of two panics resolving PR 235110.
PR: 235110
Reported by: David.Boyd49@twc.com
|
| #
338171 |
|
22-Aug-2018 |
cy |
MFC r338047:
The bucket index is subtracted by one at lines 2304 and 2314. When 0 it
becomes -1, except these are unsigned integers, so they become very large
numbers. Thus are always larger than the maximum bucket; the hash table
insertion fails causing NAT to fail.
This commit ensures that if the index is already zero it is not reduced
prior to insertion into the hash table.
PR: 208566
|
| #
338170 |
|
22-Aug-2018 |
cy |
MFC r338046:
Add handy DTrace probes useful in diagnosing NAT issues. DTrace probes
are situated next to error counters and/or in one instance prior to the
-1 return from various functions. This was useful in diagnosis of
PR/208566 and will be handy in the future diagnosing NAT failures.
PR: 208566
|
| #
338169 |
|
22-Aug-2018 |
cy |
MFC r338045:
Expose np (nat_t - an entry in the nat table structure) in the DTrace
probe when nat fails (label badnat). This is useful in diagnosing
failed NAT issues and was used in PR/208566.
PR: 208566
|
| #
337948 |
|
17-Aug-2018 |
cy |
MFC r337558, r337560
r337558:
Identify the return value (rval) that led to the IPv4 NAT failure
in ipf_nat_checkout() and report it in the frb_natv4out and frb_natv4in
dtrace probes.
This is currently being used to diagnose NAT failures in PR/208566. It's
rather handy so this commit makes it available for future diagnosis and
debugging efforts.
PR: 208566
r337560:
Correct a comment. Should have been detected by ipf_nat_in() not
ipf_nat_out().
|
| #
324513 |
|
11-Oct-2017 |
cy |
MFC r323945 and 323962
Fix misspellings, typos and /* border misalignments.
|
| #
323231 |
|
06-Sep-2017 |
cy |
MFC r322073:
Fix matchcing of NATed ICMP queries (resolving NATed MTU discovery).
Approved by: re (kib)
|
| #
319176 |
|
30-May-2017 |
cy |
MFC r318745:
Remove redundant variable declaration.
|
| #
315079 |
|
11-Mar-2017 |
cy |
MFC r312886:
Fix lookup of original destination address when using a redirect rule.
Transparent proxying, e.g. to squid, is an example of this.
Obtained from: NetBSD ip_nat.c r1.17, ip_nat6.c r1.10
|
| #
292979 |
|
31-Dec-2015 |
cy |
MFC r292813.
Correct __FreeBSD__ check.
|
| #
292811 |
|
27-Dec-2015 |
cy |
MFC r292518.
Don't assume checksums will be calculated later when fastfoward is
enabled (by default in r290383).
PR: 72210
|
| #
272998 |
|
12-Oct-2014 |
cy |
MFC r272555
ipfilter bug #537 NAT rules with sticky have incorrect hostmap IP address.
This fixes when an IP address mapping is put in the hostmap table for
sticky NAT rules, it ends up having the wrong byte order.
Obtained from: ipfilter CVS repo (r1.102), NetBSD CVS repo (r1.12)
|
| #
272998 |
|
12-Oct-2014 |
cy |
MFC r272555
ipfilter bug #537 NAT rules with sticky have incorrect hostmap IP address.
This fixes when an IP address mapping is put in the hostmap table for
sticky NAT rules, it ends up having the wrong byte order.
Obtained from: ipfilter CVS repo (r1.102), NetBSD CVS repo (r1.12)
|