| author | 2009-02-18 20:06:23 +0000 | |
|---|---|---|
| committer | 2009-02-18 20:06:23 +0000 | |
| commit | 7ecdb3dad1f6f52227eeea2b32f726881d9b7aef (patch) | |
| tree | bc21a3e677dc846fdef6c55330b093f338269465 /sys/net/pf_lb.c | |
| parent | Make the best guesses possible about newer usb modems and in which modes (diff) | |
bring back the NAT NOP fix, but this time right.
when we want to pretend pf_get_translation didn't do anything we must
get rid of _both_ state keys and reset all 4 sk pointers to NULL and
not leave one key behind and have all 4 pointers point to it - that must
fail. tested dhill sthen, david agrees, deraadt ok
Diffstat (limited to 'sys/net/pf_lb.c')
| -rw-r--r-- | sys/net/pf_lb.c | 12 |
1 files changed, 11 insertions, 1 deletions
diff --git a/sys/net/pf_lb.c b/sys/net/pf_lb.c index 0ddc950e9f6..b826f6a3556 100644 --- a/sys/net/pf_lb.c +++ b/sys/net/pf_lb.c @@ -1,4 +1,4 @@ -/* $OpenBSD: pf_lb.c,v 1.2 2009/02/12 02:13:15 sthen Exp $ */ +/* $OpenBSD: pf_lb.c,v 1.3 2009/02/18 20:06:23 henning Exp $ */ /* * Copyright (c) 2001 Daniel Hartmeier @@ -678,6 +678,16 @@ pf_get_translation(struct pf_pdesc *pd, struct mbuf *m, int off, int direction, default: return (NULL); } + /* + * Translation was a NOP. + * Pretend there was no match. + */ + if (!bcmp(*skp, *nkp, sizeof(struct pf_state_key_cmp))) { + pool_put(&pf_state_key_pl, *nkp); + pool_put(&pf_state_key_pl, *skp); + *skw = *sks = *nkp = *skp = NULL; + return (NULL); + } } return (r); |
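Review bot: In the added NOP check in pf_get_translation(), the bcmp() over sizeof(struct pf_state_key_cmp) is a raw byte comparison of *skp and *nkp, so it only detects a NOP if both keys are fully initialised (padding included) and the compared fields sit at the start of the key; please confirm that holds on every path reaching this point and note the assumption in the comment. The same lines dereference *skp and *nkp without a check, so if any case of the preceding switch can fall through with either key unset, a guard is needed before the comparison. The comment would also benefit from saying why both keys go back to pf_state_key_pl and all four pointers (*skw, *sks, *nkp, *skp) are cleared, since the commit message's reasoning about not leaving one key behind is not visible in the code.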
