diff options
| author | Kristof Provost <kp@FreeBSD.org> | 2024-08-26 14:42:05 +0000 |
|---|---|---|
| committer | Mark Johnston <markj@FreeBSD.org> | 2024-09-19 12:58:34 +0000 |
| commit | e3773ad4716f975b8e8dc4e013bcb044278d8d27 (patch) | |
| tree | 9622896c4eec3fd756494ab4672602af916f20a3 | |
| parent | 2fd8437daed57e34e50beb50013910b64b456f91 (diff) | |
| download | src-e3773ad4716f975b8e8dc4e013bcb044278d8d27.tar.gz src-e3773ad4716f975b8e8dc4e013bcb044278d8d27.zip | |
pf: try to lookup the icmp state based on a correct packet descriptor
Approved by: so
Security: FreeBSD-EN-24:16.pf
MFC after: 1 week
Obtained from: OpenBSD, mikeb <mikeb@openbsd.org>, e467ea25dcd3
Sponsored by: Rubicon Communications, LLC ("Netgate")
(cherry picked from commit b8cd169efa6ac0899b4998898129765ae5c685a6)
(cherry picked from commit f40b0e735177b25ce67fb488a93834168f4c16e1)
| -rw-r--r-- | sys/netpfil/pf/pf.c | 4 |
1 files changed, 2 insertions, 2 deletions
diff --git a/sys/netpfil/pf/pf.c b/sys/netpfil/pf/pf.c index 7b501cc54b27..49bfefa2b6ed 100644 --- a/sys/netpfil/pf/pf.c +++ b/sys/netpfil/pf/pf.c @@ -6709,11 +6709,11 @@ pf_test_state_icmp(struct pf_kstate **state, struct pfi_kkif *kif, pd->dir, kif, virtual_id, virtual_type, icmp_dir, &iidx, PF_ICMP_MULTI_NONE, 1); if (ret >= 0) { - if (ret == PF_DROP && pd->af == AF_INET6 && + if (ret == PF_DROP && pd2.af == AF_INET6 && icmp_dir == PF_OUT) { if (*state != NULL) PF_STATE_UNLOCK((*state)); - ret = pf_icmp_state_lookup(&key, pd, + ret = pf_icmp_state_lookup(&key, &pd2, state, m, off, pd->dir, kif, virtual_id, virtual_type, icmp_dir, &iidx, multi, 1); |