diff options
| author |   haesbaert <haesbaert@openbsd.org> | 2013-11-15 10:18:26 +0000 |
|---|---|---|
| committer | haesbaert <haesbaert@openbsd.org> | 2013-11-15 10:18:26 +0000 |
| commit | d285ff798bb2c1873169c8fb7dd9d9afbffa529f (patch) | |
| tree | 311f44eeee910aac83719b6d8a1939e864b7c9b3 | |
| parent | Clean-up usbd_abort_pipe() usage. (diff) | |
| download | wireguard-openbsd-d285ff798bb2c1873169c8fb7dd9d9afbffa529f.tar.xz wireguard-openbsd-d285ff798bb2c1873169c8fb7dd9d9afbffa529f.zip | |
Forget socket linking on pf_pkt_addr_changed(), this fixes among other
things, setups with ipsec+ifbound.
The sympthon was that local IPSec packets (tunnel->tunnel) would not
match state after the latest pf_find_state() changes. The first packet
would go through, but the subsequent ones would fail the match and
collide later with the existing state.
ok henning@ markus@
| -rw-r--r-- | sys/net/pf.c | 6 |
1 files changed, 5 insertions, 1 deletions
diff --git a/sys/net/pf.c b/sys/net/pf.c index 07ae04e4f1c..bf060a789d0 100644 --- a/sys/net/pf.c +++ b/sys/net/pf.c @@ -1,4 +1,4 @@ -/* $OpenBSD: pf.c,v 1.857 2013/10/30 11:35:10 mpi Exp $ */ +/* $OpenBSD: pf.c,v 1.858 2013/11/15 10:18:26 haesbaert Exp $ */ /* * Copyright (c) 2001 Daniel Hartmeier @@ -6805,4 +6805,8 @@ void pf_pkt_addr_changed(struct mbuf *m) { m->m_pkthdr.pf.statekey = NULL; + if (m->m_pkthdr.pf.inp) { + m->m_pkthdr.pf.inp->inp_pf_sk = NULL; + m->m_pkthdr.pf.inp = NULL; + } } |