Summary: | [pf] [patch] route-to rule forwarding traffic inspite of state limit | ||||||
---|---|---|---|---|---|---|---|
Product: | Base System | Reporter: | Kajetan Staszkiewicz <vegeta> | ||||
Component: | kern | Assignee: | Gleb Smirnoff <glebius> | ||||
Status: | Closed FIXED | ||||||
Severity: | Affects Only Me | CC: | glebius | ||||
Priority: | Normal | ||||||
Version: | 9.1-RELEASE | ||||||
Hardware: | Any | ||||||
OS: | Any | ||||||
Attachments: |
|
Description
Kajetan Staszkiewicz
2013-04-12 14:50:00 UTC
Responsible Changed From-To: freebsd-bugs->freebsd-pf Over to maintainer(s). The attached patch for FreeBSD 10 does basically the same thing, although in a way that is easier to understand in code as it performs all actions inside pf_test, instead of waiting for pf_check_in to free *m. -- | pozdrawiam / greetings | powered by Debian, FreeBSD and CentOS | | Kajetan Staszkiewicz | jabber,email: vegeta()tuxpowered net | | Vegeta | www: http://vegeta.tuxpowered.net | `------------------------^---------------------------------------' A commit references this bug: Author: glebius Date: Mon Sep 1 13:00:46 UTC 2014 New revision: 270928 URL: http://svnweb.freebsd.org/changeset/base/270928 Log: Explicitly free packet on PF_DROP, otherwise a "quick" rule with "route-to" may still forward it. PR: 177808 Submitted by: Kajetan Staszkiewicz <kajetan.staszkiewicz innogames.de> Sponsored by: InnoGames GmbH Changes: head/sys/netpfil/pf/pf.c A commit references this bug: Author: glebius Date: Tue Sep 9 10:29:27 UTC 2014 New revision: 271306 URL: http://svnweb.freebsd.org/changeset/base/271306 Log: Merge r270928: explicitly free packet on PF_DROP, otherwise a "quick" rule with "route-to" may still forward it. PR: 177808 Approved by: re (gjb) Changes: _U stable/10/ stable/10/sys/netpfil/pf/pf.c |