From nobody Thu Sep 19 13:02:56 2024 X-Original-To: dev-commits-src-branches@mlmmj.nyi.freebsd.org Received: from mx1.freebsd.org (mx1.freebsd.org [IPv6:2610:1c1:1:606c::19:1]) by mlmmj.nyi.freebsd.org (Postfix) with ESMTP id 4X8bKY1Gp6z5WXwJ; Thu, 19 Sep 2024 13:02:57 +0000 (UTC) (envelope-from git@FreeBSD.org) Received: from mxrelay.nyi.freebsd.org (mxrelay.nyi.freebsd.org [IPv6:2610:1c1:1:606c::19:3]) (using TLSv1.3 with cipher TLS_AES_256_GCM_SHA384 (256/256 bits) key-exchange X25519 server-signature RSA-PSS (4096 bits) server-digest SHA256 client-signature RSA-PSS (4096 bits) client-digest SHA256) (Client CN "mxrelay.nyi.freebsd.org", Issuer "R11" (verified OK)) by mx1.freebsd.org (Postfix) with ESMTPS id 4X8bKX60p0z4pwl; Thu, 19 Sep 2024 13:02:56 +0000 (UTC) (envelope-from git@FreeBSD.org) DKIM-Signature: v=1; a=rsa-sha256; c=relaxed/relaxed; d=freebsd.org; s=dkim; t=1726750976; h=from:from:reply-to:subject:subject:date:date:message-id:message-id: to:to:cc:mime-version:mime-version:content-type:content-type: content-transfer-encoding:content-transfer-encoding; bh=0CkXiXf8XaoUkjJ+SmSc30ck55464tpY1weVCAF1RhU=; b=ntOni4pABu3VFYU0ELanWh9UC6KN5eYpyQ3TM7WMRXwup9aErLG2uN7yNH5PjfxuNwWLPM My/uwrgQjgXSZ0kObQRS9JzTJ7t71beovBHvvJX2yjN1ivzDPzrd0ufxYblTYMgQ2re0/k Fgv5vSncqkyUuNk5T0sI9NWEHrvT05UFp98zPFStpLTUHtVMUwjg9CpGBoZ1Egmxz3MHWG GCBZHY9UcgCf9u89axXBV1a5LS+AZsy8+TZA+KcTtIO3MIJyZGeupDOF9tBHzbOnEszhOZ XJ5gYgkx9H/IJ4KYWKXNj+A4byeVTbHPHd2ZvBVHCNmPxJPgyESBWpt7MSl0LA== ARC-Seal: i=1; s=dkim; d=freebsd.org; t=1726750976; a=rsa-sha256; cv=none; b=qgY1mxypwxmpLf2lOZ6SNm5RNUMUWpWPD0cWx15sIfRnEGl9N5D0ebeBNAPKy4MfDO+ITI QXiVEby0O9gCSoBuOqkCjb8Y1rvoi2CvDKvuv0PDDN/8Of2RTxYYHITj2kiNaYu2ivUHh7 zvh9QuyR6KC9/HoQ2iPigErSnlnqqwyvhtIpZOoGJEyShcGfQN7+D+ITZTazgcMouZpnSX j+pCThHwtJmldSfSCFs9/WIua/4ny//B5bfYA8FUVg/pPd9jo5KFFG19SVu6VbdLNyrWbu BLPGuCIn7441ppX1p5IsZoQDd09DiB2GWHcXW5WjmCssoFabHly5ib6rO4zzzQ== ARC-Authentication-Results: i=1; mx1.freebsd.org; none ARC-Message-Signature: i=1; a=rsa-sha256; c=relaxed/relaxed; d=freebsd.org; s=dkim; t=1726750976; h=from:from:reply-to:subject:subject:date:date:message-id:message-id: to:to:cc:mime-version:mime-version:content-type:content-type: content-transfer-encoding:content-transfer-encoding; bh=0CkXiXf8XaoUkjJ+SmSc30ck55464tpY1weVCAF1RhU=; b=uX3vSCzVQza/er3mFtNIFi4MlUu3VVDIq1urbSiMVKfITqJX7K2n8Jy0xAqK+dgT/z4o02 Ls8LIAkQqpsgl7c1ti7vY5BF1eYoepIwPznzF0xLxFlAiBGKNVOLpznPUowL0O9j294Ww5 XBvmLiDffVLf8n/m3lXueo7Ev2Ywumk8lomHoHymcVWREcNG/83XA9rYZG2mq32yMg525E GSZWYOKYL1Upk4evh9D1Nj6WMFRniwxBaYOtfxsq2nr4zinvI2a6GZ3EcUvG6HjXMZD7aA 9TpDL5mdhrIcqnnW2pQf8FZzxHvAOPWA+kHCEIANOTbU0Y6i8WjbpPBrH47l0g== Received: from gitrepo.freebsd.org (gitrepo.freebsd.org [IPv6:2610:1c1:1:6068::e6a:5]) (using TLSv1.3 with cipher TLS_AES_256_GCM_SHA384 (256/256 bits) key-exchange X25519 server-signature RSA-PSS (4096 bits) server-digest SHA256) (Client did not present a certificate) by mxrelay.nyi.freebsd.org (Postfix) with ESMTPS id 4X8bKX5XTzz16Rd; Thu, 19 Sep 2024 13:02:56 +0000 (UTC) (envelope-from git@FreeBSD.org) Received: from gitrepo.freebsd.org ([127.0.1.44]) by gitrepo.freebsd.org (8.18.1/8.18.1) with ESMTP id 48JD2unj099724; Thu, 19 Sep 2024 13:02:56 GMT (envelope-from git@gitrepo.freebsd.org) Received: (from git@localhost) by gitrepo.freebsd.org (8.18.1/8.18.1/Submit) id 48JD2uDa099721; Thu, 19 Sep 2024 13:02:56 GMT (envelope-from git) Date: Thu, 19 Sep 2024 13:02:56 GMT Message-Id: <202409191302.48JD2uDa099721@gitrepo.freebsd.org> To: src-committers@FreeBSD.org, dev-commits-src-all@FreeBSD.org, dev-commits-src-branches@FreeBSD.org From: Mark Johnston Subject: git: 95a1a22a835f - releng/14.1 - pf: try to lookup the icmp state based on a correct packet descriptor List-Id: Commits to the stable branches of the FreeBSD src repository List-Archive: https://lists.freebsd.org/archives/dev-commits-src-branches List-Help: List-Post: List-Subscribe: List-Unsubscribe: X-BeenThere: dev-commits-src-branches@freebsd.org Sender: owner-dev-commits-src-branches@FreeBSD.org MIME-Version: 1.0 Content-Type: text/plain; charset=utf-8 Content-Transfer-Encoding: 8bit X-Git-Committer: markj X-Git-Repository: src X-Git-Refname: refs/heads/releng/14.1 X-Git-Reftype: branch X-Git-Commit: 95a1a22a835f8824acf1c7d7edd6953ad7f83ab2 Auto-Submitted: auto-generated The branch releng/14.1 has been updated by markj: URL: https://cgit.FreeBSD.org/src/commit/?id=95a1a22a835f8824acf1c7d7edd6953ad7f83ab2 commit 95a1a22a835f8824acf1c7d7edd6953ad7f83ab2 Author: Kristof Provost AuthorDate: 2024-08-26 14:42:05 +0000 Commit: Mark Johnston CommitDate: 2024-09-19 12:55:33 +0000 pf: try to lookup the icmp state based on a correct packet descriptor Approved by: so Security: FreeBSD-EN-24:16.pf MFC after: 1 week Obtained from: OpenBSD, mikeb , e467ea25dcd3 Sponsored by: Rubicon Communications, LLC ("Netgate") (cherry picked from commit b8cd169efa6ac0899b4998898129765ae5c685a6) (cherry picked from commit f40b0e735177b25ce67fb488a93834168f4c16e1) --- sys/netpfil/pf/pf.c | 4 ++-- 1 file changed, 2 insertions(+), 2 deletions(-) diff --git a/sys/netpfil/pf/pf.c b/sys/netpfil/pf/pf.c index 2fdd092a6dc9..b057c75dc51c 100644 --- a/sys/netpfil/pf/pf.c +++ b/sys/netpfil/pf/pf.c @@ -7200,11 +7200,11 @@ pf_test_state_icmp(struct pf_kstate **state, struct pfi_kkif *kif, pd->dir, kif, virtual_id, virtual_type, icmp_dir, &iidx, PF_ICMP_MULTI_NONE, 1); if (ret >= 0) { - if (ret == PF_DROP && pd->af == AF_INET6 && + if (ret == PF_DROP && pd2.af == AF_INET6 && icmp_dir == PF_OUT) { if (*state != NULL) PF_STATE_UNLOCK((*state)); - ret = pf_icmp_state_lookup(&key, pd, + ret = pf_icmp_state_lookup(&key, &pd2, state, m, off, pd->dir, kif, virtual_id, virtual_type, icmp_dir, &iidx, multi, 1);