FreeBSD Bugzilla – Attachment 133353 Details for Bug 177808: [pf] [patch] route-to rule forwarding traffic in spite of state limit
drop-traffic-on-state-creation-fail.patch (text/x-patch; charset="UTF-8"), 917 bytes, created by Kajetan Staszkiewicz on 2013-11-18 16:13:24 UTC
># It might happen that a passing rule fails to create a state for example due ># to hitting its state limit. A PF_DROP action is set in such case but the rule ># already has rt filled in which causes pf_route to be called and the packet ># to be forwarded. ># ># Do not call pf_route at all if action is PF_DROP. ># ># kajetan.staszkiewicz@innogames.de ># Work sponsored by InnoGames GmbH ># >diff --git a/sys/netpfil/pf/pf.c b/sys/netpfil/pf/pf.c >index 12d1e9a..59a349d 100644 >--- a/sys/netpfil/pf/pf.c >+++ b/sys/netpfil/pf/pf.c >@@ -6009,6 +6009,10 @@ done: > *m0 = NULL; > action = PF_PASS; > break; >+ case PF_DROP: >+ m_freem(*m0); >+ *m0 = NULL; >+ break; > default: > /* pf_route() returns unlocked. */ > if (r->rt) { >@@ -6382,6 +6386,10 @@ done: > *m0 = NULL; > action = PF_PASS; > break; >+ case PF_DROP: >+ m_freem(*m0); >+ *m0 = NULL; >+ break; > default: > /* pf_route6() returns unlocked. */ > if (r->rt) {
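Review bot: In the first hunk (the IPv4 `done:` switch, @@ -6009), the new `case PF_DROP:` sets `*m0 = NULL` but leaves `action` as PF_DROP, whereas the case just above it pairs `*m0 = NULL` with `action = PF_PASS`. Please confirm that every caller handles a PF_DROP return with a NULL mbuf and does not free or dereference `*m0` again, and that no earlier path reaches `done:` with PF_DROP after the mbuf has already been consumed. If the goal is only what the description states, not calling pf_route when the action is PF_DROP, a bare `case PF_DROP: break;` would skip the `if (r->rt)` branch in `default:` without changing who frees the packet.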
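Review bot: In the second hunk (the IPv6 `done:` switch, @@ -6382), the new `case PF_DROP:` carries no comment, so the reason it has to sit ahead of `default:` lives only in the patch description. Add a short comment saying that a rule with `r->rt` set can reach this switch with PF_DROP (for example when state creation fails at the state limit) and must not fall into the pf_route6() call. The four added lines are identical to the IPv4 hunk, so any change made there in review should be mirrored here.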