git: 183076d24478 - releng/13.4 - pf: try to lookup the icmp state based on a correct packet descriptor
- Go to: [ bottom of page ] [ top of archives ] [ this month ]
Date: Thu, 05 Sep 2024 07:35:37 UTC
The branch releng/13.4 has been updated by kp: URL: https://cgit.FreeBSD.org/src/commit/?id=183076d24478091246cd5928e31d57d21e417c0f commit 183076d24478091246cd5928e31d57d21e417c0f Author: Kristof Provost <kp@FreeBSD.org> AuthorDate: 2024-08-26 14:42:05 +0000 Commit: Kristof Provost <kp@FreeBSD.org> CommitDate: 2024-09-05 07:34:52 +0000 pf: try to lookup the icmp state based on a correct packet descriptor MFC after: 1 week Obtained from: OpenBSD, mikeb <mikeb@openbsd.org>, e467ea25dcd3 Sponsored by: Rubicon Communications, LLC ("Netgate") (cherry picked from commit b8cd169efa6ac0899b4998898129765ae5c685a6) (cherry picked from commit fa4b64836183c33631d92dadb073a9e435c5bf6d) Approved-by: re (cperciva) --- sys/netpfil/pf/pf.c | 4 ++-- 1 file changed, 2 insertions(+), 2 deletions(-) diff --git a/sys/netpfil/pf/pf.c b/sys/netpfil/pf/pf.c index 64f731d4ae53..0991cd39f332 100644 --- a/sys/netpfil/pf/pf.c +++ b/sys/netpfil/pf/pf.c @@ -6623,11 +6623,11 @@ pf_test_state_icmp(struct pf_kstate **state, int direction, struct pfi_kkif *kif pd->dir, kif, virtual_id, virtual_type, icmp_dir, &iidx, PF_ICMP_MULTI_NONE, 1); if (ret >= 0) { - if (ret == PF_DROP && pd->af == AF_INET6 && + if (ret == PF_DROP && pd2.af == AF_INET6 && icmp_dir == PF_OUT) { if (*state != NULL) PF_STATE_UNLOCK((*state)); - ret = pf_icmp_state_lookup(&key, pd, + ret = pf_icmp_state_lookup(&key, &pd2, state, m, off, pd->dir, kif, virtual_id, virtual_type, icmp_dir, &iidx, multi, 1);