diff options
| author | Alexandr Nedvedicky <sashan@cvs.openbsd.org> | 2017-06-09 17:43:07 +0000 |
|---|---|---|
| committer | Alexandr Nedvedicky <sashan@cvs.openbsd.org> | 2017-06-09 17:43:07 +0000 |
| commit | b314996446842cc3a9b784aeedf98050eb788859 (patch) | |
| tree | 7f215fd1c9c520366004fe364f0e578c6e4b36e1 | |
| parent | 57f4ced81d546be712483ad919f2918efc2744e8 (diff) | |
- pfsync_input() must grab PF_LOCK
reported and patch tested by Hrvoje Popovski
O.K. bluhm@
| -rw-r--r-- | sys/net/if_pfsync.c | 10 |
1 files changed, 7 insertions, 3 deletions
diff --git a/sys/net/if_pfsync.c b/sys/net/if_pfsync.c index e50576fe32a..bda5a865a42 100644 --- a/sys/net/if_pfsync.c +++ b/sys/net/if_pfsync.c @@ -1,4 +1,4 @@ -/* $OpenBSD: if_pfsync.c,v 1.252 2017/05/27 18:33:21 mpi Exp $ */ +/* $OpenBSD: if_pfsync.c,v 1.253 2017/06/09 17:43:06 sashan Exp $ */ /* * Copyright (c) 2002 Michael Shalayeff @@ -657,6 +657,7 @@ pfsync_input(struct mbuf **mp, int *offp, int proto, int af) struct pfsync_header *ph; struct pfsync_subheader subh; int offset, noff, len, count, mlen, flags = 0; + int e; pfsyncstat_inc(pfsyncs_ipackets); @@ -733,8 +734,11 @@ pfsync_input(struct mbuf **mp, int *offp, int proto, int af) return IPPROTO_DONE; } - if (pfsync_acts[subh.action].in(n->m_data + noff, - mlen, count, flags) != 0) + PF_LOCK(); + e = pfsync_acts[subh.action].in(n->m_data + noff, mlen, count, + flags); + PF_UNLOCK(); + if (e != 0) goto done; offset += mlen * count; |