diff options
| author |   yasuoka <yasuoka@openbsd.org> | 2015-03-16 02:40:55 +0000 |
|---|---|---|
| committer | yasuoka <yasuoka@openbsd.org> | 2015-03-16 02:40:55 +0000 |
| commit | 94364cc542a27e3c74f82be44e6af1e58afd90cb (patch) | |
| tree | a3fef8421b1f43e93efb69f10e7c3676832fcb0c | |
| parent | Revert 1.39. Resetting after specifically putting the keyboard in a (diff) | |
| download | wireguard-openbsd-94364cc542a27e3c74f82be44e6af1e58afd90cb.tar.xz wireguard-openbsd-94364cc542a27e3c74f82be44e6af1e58afd90cb.zip | |
When state creations happen in short term by outgoing packets of one
SO_BINDANY socket, the new state didn't have a link of the socket's
pcb. So the incoming packets allowed by the state were mistakenly
forwarded and the pcb could not get them. Fix pf not to lost the link
of the pcb when the state is recreated.
ok bluhm mikeb
| -rw-r--r-- | sys/net/pf.c | 5 |
1 files changed, 4 insertions, 1 deletions
diff --git a/sys/net/pf.c b/sys/net/pf.c index 0b073894ca4..fe7341d94bc 100644 --- a/sys/net/pf.c +++ b/sys/net/pf.c @@ -1,4 +1,4 @@ -/* $OpenBSD: pf.c,v 1.907 2015/03/14 03:38:51 jsg Exp $ */ +/* $OpenBSD: pf.c,v 1.908 2015/03/16 02:40:55 yasuoka Exp $ */ /* * Copyright (c) 2001 Daniel Hartmeier @@ -4279,6 +4279,7 @@ pf_test_state(struct pf_pdesc *pd, struct pf_state **state, u_short *reason) int copyback = 0; struct pf_state_peer *src, *dst; int action = PF_PASS; + struct inpcb *inp; key.af = pd->af; key.proto = pd->virtual_proto; @@ -4287,6 +4288,7 @@ pf_test_state(struct pf_pdesc *pd, struct pf_state **state, u_short *reason) PF_ACPY(&key.addr[pd->didx], pd->dst, key.af); key.port[pd->sidx] = pd->osport; key.port[pd->didx] = pd->odport; + inp = pd->m->m_pkthdr.pf.inp; STATE_LOOKUP(pd->kif, &key, pd->dir, *state, pd->m); @@ -4315,6 +4317,7 @@ pf_test_state(struct pf_pdesc *pd, struct pf_state **state, u_short *reason) (*state)->src.state = (*state)->dst.state = TCPS_CLOSED; pf_unlink_state(*state); *state = NULL; + pd->m->m_pkthdr.pf.inp = inp; return (PF_DROP); } |