From nobody Thu Sep 19 13:04:03 2024 X-Original-To: dev-commits-src-all@mlmmj.nyi.freebsd.org Received: from mx1.freebsd.org (mx1.freebsd.org [IPv6:2610:1c1:1:606c::19:1]) by mlmmj.nyi.freebsd.org (Postfix) with ESMTP id 4X8bLr0x92z5WYcf; Thu, 19 Sep 2024 13:04:04 +0000 (UTC) (envelope-from git@FreeBSD.org) Received: from mxrelay.nyi.freebsd.org (mxrelay.nyi.freebsd.org [IPv6:2610:1c1:1:606c::19:3]) (using TLSv1.3 with cipher TLS_AES_256_GCM_SHA384 (256/256 bits) key-exchange X25519 server-signature RSA-PSS (4096 bits) server-digest SHA256 client-signature RSA-PSS (4096 bits) client-digest SHA256) (Client CN "mxrelay.nyi.freebsd.org", Issuer "R11" (verified OK)) by mx1.freebsd.org (Postfix) with ESMTPS id 4X8bLq5jgrz4stC; Thu, 19 Sep 2024 13:04:03 +0000 (UTC) (envelope-from git@FreeBSD.org) DKIM-Signature: v=1; a=rsa-sha256; c=relaxed/relaxed; d=freebsd.org; s=dkim; t=1726751043; h=from:from:reply-to:subject:subject:date:date:message-id:message-id: to:to:cc:mime-version:mime-version:content-type:content-type: content-transfer-encoding:content-transfer-encoding; bh=dbbZQ8ZYva3JhzAG5gibE+wgv5oIwY2C2n9bAq7/QnI=; b=txeerpZ7cJ8V2WetTqp93OGIUI4u1xydiKs5UzhYGGJOX/eqhmRcEqwzJRtKMdO2GydaAc 2qb4XndYiJg9OKcHWZ8w0LaJoM+sRHEoNvyEInhWZcR3X1w1JMSvso+qLBkasTHegho+iD /F7rC7iyXgAVie7YOa/qUPDOT6/PnqHJz5DnQA1l34yvXX1sAOob415hcEkASvmxXwKb0g KOam/BOJeB+U1UG8Ng6WZxFvJnCRDnRDj5w4OVsDNO17DI6TMfBhHM56iblZvbG53C+Y8w I0+L7Df/PZz0XVqloCfRG+O+bNsZlrv5WSbx9peWI/IzGWxzlvinhk+Z6iiK/w== ARC-Seal: i=1; s=dkim; d=freebsd.org; t=1726751043; a=rsa-sha256; cv=none; b=fYgmp4wyuegOB7AJ5zgO10lco1/ipxjNo2Avd5yiK/OL5UbhyKXknqfCO8oyrDTKqC+vBd NU3/aaOhngWrkJM5Q0bqc7RtwqHDnpPbuSeNv14Zjvzc3Rd+5ddMqORsq2Wp3h5WZxiOtn JdiHyQZLqHBAxssgKkiVCtVGLGxlGUvQkAvlygo5A4IPLX1z8iWPTRqol8HGWAL4BpfBtI kikCRrZYRO956GthZQvgnC3uu1+FCexMR0IK2QxwKm0FSGo/jlOtPqZfQa544GGQulMsrU EEk9vx+gGZZ8lCOTKO//uS4wQVZWZHtxeVhSQkogN1HaOKDKN1DZK/oeUPE+tA== ARC-Authentication-Results: i=1; mx1.freebsd.org; none ARC-Message-Signature: i=1; a=rsa-sha256; c=relaxed/relaxed; d=freebsd.org; s=dkim; t=1726751043; h=from:from:reply-to:subject:subject:date:date:message-id:message-id: to:to:cc:mime-version:mime-version:content-type:content-type: content-transfer-encoding:content-transfer-encoding; bh=dbbZQ8ZYva3JhzAG5gibE+wgv5oIwY2C2n9bAq7/QnI=; b=oYgFgR3W53CIcy6wLeJPngYPtWPiX0pof0Nuav/2O98CVNB9JboIK4g9WYleSw3X2Bti5k JzqQnLTp4YmAoY8GHVMXqWnqNrq+1l30YP9tx9lV3cUaTkvSW0xtZv+QK04Fdy9eeKccF9 P93Btlbr17+IIK9rd3aVJq+OmqOmkS29QUrmXrF9sbmQvILI82mMjBOJXPptOq7OayZs5r sx5OfpAEr7pxFJMMIDA0rpeZwPCHzD4LA9U4YLCw7ChdJROr3sBaVwmAOgfymbtEu+c81G ezORAd5TB33js0PmG4qVkK/xgwZmzntC1G2kyfNwohXcvTx3S84K7QJd55aBvA== Received: from gitrepo.freebsd.org (gitrepo.freebsd.org [IPv6:2610:1c1:1:6068::e6a:5]) (using TLSv1.3 with cipher TLS_AES_256_GCM_SHA384 (256/256 bits) key-exchange X25519 server-signature RSA-PSS (4096 bits) server-digest SHA256) (Client did not present a certificate) by mxrelay.nyi.freebsd.org (Postfix) with ESMTPS id 4X8bLq5Jbwz168V; Thu, 19 Sep 2024 13:04:03 +0000 (UTC) (envelope-from git@FreeBSD.org) Received: from gitrepo.freebsd.org ([127.0.1.44]) by gitrepo.freebsd.org (8.18.1/8.18.1) with ESMTP id 48JD43QA001011; Thu, 19 Sep 2024 13:04:03 GMT (envelope-from git@gitrepo.freebsd.org) Received: (from git@localhost) by gitrepo.freebsd.org (8.18.1/8.18.1/Submit) id 48JD43d9001008; Thu, 19 Sep 2024 13:04:03 GMT (envelope-from git) Date: Thu, 19 Sep 2024 13:04:03 GMT Message-Id: <202409191304.48JD43d9001008@gitrepo.freebsd.org> To: src-committers@FreeBSD.org, dev-commits-src-all@FreeBSD.org, dev-commits-src-branches@FreeBSD.org From: Mark Johnston Subject: git: fceeab39e9b1 - releng/13.3 - pf: try to lookup the icmp state based on a correct packet descriptor List-Id: Commit messages for all branches of the src repository List-Archive: https://lists.freebsd.org/archives/dev-commits-src-all List-Help: List-Post: List-Subscribe: List-Unsubscribe: X-BeenThere: dev-commits-src-all@freebsd.org Sender: owner-dev-commits-src-all@FreeBSD.org MIME-Version: 1.0 Content-Type: text/plain; charset=utf-8 Content-Transfer-Encoding: 8bit X-Git-Committer: markj X-Git-Repository: src X-Git-Refname: refs/heads/releng/13.3 X-Git-Reftype: branch X-Git-Commit: fceeab39e9b16035f0a8c017c3ad64f1bf3e1d72 Auto-Submitted: auto-generated The branch releng/13.3 has been updated by markj: URL: https://cgit.FreeBSD.org/src/commit/?id=fceeab39e9b16035f0a8c017c3ad64f1bf3e1d72 commit fceeab39e9b16035f0a8c017c3ad64f1bf3e1d72 Author: Kristof Provost AuthorDate: 2024-08-26 14:42:05 +0000 Commit: Mark Johnston CommitDate: 2024-09-19 13:01:05 +0000 pf: try to lookup the icmp state based on a correct packet descriptor Approved by: so Security: FreeBSD-EN-24:16.pf MFC after: 1 week Obtained from: OpenBSD, mikeb , e467ea25dcd3 Sponsored by: Rubicon Communications, LLC ("Netgate") (cherry picked from commit b8cd169efa6ac0899b4998898129765ae5c685a6) (cherry picked from commit fa4b64836183c33631d92dadb073a9e435c5bf6d) --- sys/netpfil/pf/pf.c | 4 ++-- 1 file changed, 2 insertions(+), 2 deletions(-) diff --git a/sys/netpfil/pf/pf.c b/sys/netpfil/pf/pf.c index c8c3d96a72bc..ecad3c274d74 100644 --- a/sys/netpfil/pf/pf.c +++ b/sys/netpfil/pf/pf.c @@ -6609,11 +6609,11 @@ pf_test_state_icmp(struct pf_kstate **state, int direction, struct pfi_kkif *kif pd->dir, kif, virtual_id, virtual_type, icmp_dir, &iidx, PF_ICMP_MULTI_NONE, 1); if (ret >= 0) { - if (ret == PF_DROP && pd->af == AF_INET6 && + if (ret == PF_DROP && pd2.af == AF_INET6 && icmp_dir == PF_OUT) { if (*state != NULL) PF_STATE_UNLOCK((*state)); - ret = pf_icmp_state_lookup(&key, pd, + ret = pf_icmp_state_lookup(&key, &pd2, state, m, off, pd->dir, kif, virtual_id, virtual_type, icmp_dir, &iidx, multi, 1);