git: fceeab39e9b1 - releng/13.3 - pf: try to lookup the icmp state based on a correct packet descriptor

Thu, 19 Sep 2024 06:05:24 -0700 

The branch releng/13.3 has been updated by markj:

URL: 
https://cgit.FreeBSD.org/src/commit/?id=fceeab39e9b16035f0a8c017c3ad64f1bf3e1d72

commit fceeab39e9b16035f0a8c017c3ad64f1bf3e1d72
Author:     Kristof Provost <k...@freebsd.org>
AuthorDate: 2024-08-26 14:42:05 +0000
Commit:     Mark Johnston <ma...@freebsd.org>
CommitDate: 2024-09-19 13:01:05 +0000

    pf: try to lookup the icmp state based on a correct packet descriptor
    
    Approved by:    so
    Security:       FreeBSD-EN-24:16.pf
    MFC after:      1 week
    Obtained from:  OpenBSD, mikeb <mi...@openbsd.org>, e467ea25dcd3
    Sponsored by:   Rubicon Communications, LLC ("Netgate")
    
    (cherry picked from commit b8cd169efa6ac0899b4998898129765ae5c685a6)
    (cherry picked from commit fa4b64836183c33631d92dadb073a9e435c5bf6d)
---
 sys/netpfil/pf/pf.c | 4 ++--
 1 file changed, 2 insertions(+), 2 deletions(-)

diff --git a/sys/netpfil/pf/pf.c b/sys/netpfil/pf/pf.c
index c8c3d96a72bc..ecad3c274d74 100644
--- a/sys/netpfil/pf/pf.c
+++ b/sys/netpfil/pf/pf.c
@@ -6609,11 +6609,11 @@ pf_test_state_icmp(struct pf_kstate **state, int 
direction, struct pfi_kkif *kif
                            pd->dir, kif, virtual_id, virtual_type,
                            icmp_dir, &iidx, PF_ICMP_MULTI_NONE, 1);
                        if (ret >= 0) {
-                               if (ret == PF_DROP && pd->af == AF_INET6 &&
+                               if (ret == PF_DROP && pd2.af == AF_INET6 &&
                                    icmp_dir == PF_OUT) {
                                        if (*state != NULL)
                                                PF_STATE_UNLOCK((*state));
-                                       ret = pf_icmp_state_lookup(&key, pd,
+                                       ret = pf_icmp_state_lookup(&key, &pd2,
                                            state, m, off, pd->dir, kif,
                                            virtual_id, virtual_type,
                                            icmp_dir, &iidx, multi, 1);

Reply via email to