diff options
| author | Kristof Provost <kp@FreeBSD.org> | 2015-06-10 13:44:04 +0000 |
|---|---|---|
| committer | Kristof Provost <kp@FreeBSD.org> | 2015-06-10 13:44:04 +0000 |
| commit | 0b7eba6ad40ed978dfbaff56c062360a836fcf91 (patch) | |
| tree | 61ff8e71e29b69df74d13f951267066fa52d4dd8 /sys/netpfil/pf | |
| parent | 2f0ae7721dd1f82cdbda32d97a098379cb5c3722 (diff) | |
| download | src-0b7eba6ad40ed978dfbaff56c062360a836fcf91.tar.gz src-0b7eba6ad40ed978dfbaff56c062360a836fcf91.zip | |
pf: address family must be set when creating a pf_fragment
Fix a panic when handling fragmented ip4 packets with 'drop-ovl' set.
In that scenario we take a different branch in pf_normalize_ip(), taking us to
pf_fragcache() (rather than pf_reassemble()). In pf_fragcache() we create a
pf_fragment, but do not set the address family. This leads to a panic when we
try to insert that into pf_frag_tree because pf_addr_cmp(), which is used to
compare the pf_fragments doesn't know what to do if the address family is not
set.
Simply ensure that the address family is set correctly (always AF_INET in this
path).
PR: 200330
Differential Revision: https://reviews.freebsd.org/D2769
Approved by: philip (mentor), gnn (mentor)
Notes
Notes:
svn path=/head/; revision=284222
Diffstat (limited to 'sys/netpfil/pf')
| -rw-r--r-- | sys/netpfil/pf/pf_norm.c | 1 |
1 files changed, 1 insertions, 0 deletions
diff --git a/sys/netpfil/pf/pf_norm.c b/sys/netpfil/pf/pf_norm.c index 3f210c29df70..3888ef65b2ba 100644 --- a/sys/netpfil/pf/pf_norm.c +++ b/sys/netpfil/pf/pf_norm.c @@ -823,6 +823,7 @@ pf_fragcache(struct mbuf **m0, struct ip *h, struct pf_fragment **frag, int mff, (*frag)->fr_max = 0; (*frag)->fr_src.v4 = h->ip_src; (*frag)->fr_dst.v4 = h->ip_dst; + (*frag)->fr_af = AF_INET; (*frag)->fr_id = h->ip_id; (*frag)->fr_timeout = time_uptime; |