Author: glebius
Date: Tue Sep 9 10:29:27 2014
New Revision: 271306
URL: http://svnweb.freebsd.org/changeset/base/271306
Log:
Merge r270928: explicitly free packet on PF_DROP, otherwise a "quick"
rule with "route-to" may still forward it.
PR: 177808
Approved by: re (gjb)
Modified:
stable/10/sys/netpfil/pf/pf.c
Directory Properties:
stable/10/ (props changed)
Modified: stable/10/sys/netpfil/pf/pf.c
==============================================================================
--- stable/10/sys/netpfil/pf/pf.c Tue Sep 9 10:13:46 2014
(r271305)
+++ stable/10/sys/netpfil/pf/pf.c Tue Sep 9 10:29:27 2014
(r271306)
@@ -6003,6 +6003,10 @@ done:
*m0 = NULL;
action = PF_PASS;
break;
+ case PF_DROP:
+ m_freem(*m0);
+ *m0 = NULL;
+ break;
default:
/* pf_route() returns unlocked. */
if (r->rt) {
@@ -6379,6 +6383,10 @@ done:
*m0 = NULL;
action = PF_PASS;
break;
+ case PF_DROP:
+ m_freem(*m0);
+ *m0 = NULL;
+ break;
default:
/* pf_route6() returns unlocked. */
if (r->rt) {
_______________________________________________
svn-src-all@freebsd.org mailing list
http://lists.freebsd.org/mailman/listinfo/svn-src-all
To unsubscribe, send any mail to "svn-src-all-unsubscr...@freebsd.org"
