do not set the pkthdr mbuf state key pointer to the state key saved in the

pcb. the state key ptr in the pcb is the one that had to be used by pf
outbound. but by convention the state key pointer in the pkthdr is the one
used INbound, so pf follows its reverse pointer to find the sk to use,
and since a reverse doesn't exist for locally terminated connections the
reverse pointer is null and thus the whole game a noop.
note that this only affects packets FROM local udp/tcp sockets, for the
other direction everything works as expected.

2 files changed, 2 insertions, 4 deletions

diff --git a/sys/netinet/tcp_output.c b/sys/netinet/tcp_output.c
index bd06ea95f25..8e0ca68f182 100644
--- a/sys/netinet/tcp_output.c
+++ b/sys/netinet/tcp_output.c
@@ -1,4 +1,4 @@
-/*	$OpenBSD: tcp_output.c,v 1.85 2008/07/03 15:46:24 henning Exp $	*/
+/*	$OpenBSD: tcp_output.c,v 1.86 2008/09/03 12:51:39 henning Exp $	*/
 /*	$NetBSD: tcp_output.c,v 1.16 1997/06/03 16:17:09 kml Exp $	*/
 
 /*
@@ -761,7 +761,6 @@ send:
 	}
 	m->m_pkthdr.rcvif = (struct ifnet *)0;
 	m->m_pkthdr.len = hdrlen + len;
-	m->m_pkthdr.pf.statekey = tp->t_inpcb->inp_pf_sk;
 
 	if (!tp->t_template)
 		panic("tcp_output");
diff --git a/sys/netinet/udp_usrreq.c b/sys/netinet/udp_usrreq.c
index 47ce3a14e6f..46cc99ab4bf 100644
--- a/sys/netinet/udp_usrreq.c
+++ b/sys/netinet/udp_usrreq.c
@@ -1,4 +1,4 @@
-/*	$OpenBSD: udp_usrreq.c,v 1.124 2008/07/16 09:00:44 henning Exp $	*/
+/*	$OpenBSD: udp_usrreq.c,v 1.125 2008/09/03 12:51:39 henning Exp $	*/
 /*	$NetBSD: udp_usrreq.c,v 1.28 1996/03/16 23:54:03 christos Exp $	*/
 
 /*
@@ -988,7 +988,6 @@ udp_output(struct mbuf *m, ...)
 	((struct ip *)ui)->ip_ttl = inp->inp_ip.ip_ttl;
 	((struct ip *)ui)->ip_tos = inp->inp_ip.ip_tos;
 
-	m->m_pkthdr.pf.statekey = inp->inp_pf_sk;
 	udpstat.udps_opackets++;
 	error = ip_output(m, inp->inp_options, &inp->inp_route,
 	    inp->inp_socket->so_options &