authorClaudio Jeker <claudio@cvs.openbsd.org>2010-05-12 08:11:12 +0000
committerClaudio Jeker <claudio@cvs.openbsd.org>2010-05-12 08:11:12 +0000
commit43c98758a46b9b51821ba2e951ec2757154ff4a0 (patch)
tree2ede00a969f7e7c8da1b0ec178063d5f429bb45f
parent73b25af4f81c0b4cad7f80f28a17c1f17cbd2bb9 (diff)
bzero() the full compressed update struct before setting the values.
This is needed because pf_state_peer_hton() skips some fields in certain situations, which could result in garbage being sent to the other peer. This seems to fix the pfsync storms seen by stephan@ and so dlg owes me a whiskey. OK dlg@, stephan@
-rw-r--r--sys/net/if_pfsync.c5
1 files changed, 2 insertions, 3 deletions
diff --git a/sys/net/if_pfsync.c b/sys/net/if_pfsync.c
index 8e279d0091e..a5c00477df6 100644
--- a/sys/net/if_pfsync.c
+++ b/sys/net/if_pfsync.c
@@ -1,4 +1,4 @@
-/* $OpenBSD: if_pfsync.c,v 1.145 2010/04/25 17:38:53 mpf Exp $ */
+/* $OpenBSD: if_pfsync.c,v 1.146 2010/05/12 08:11:11 claudio Exp $ */
/*
* Copyright (c) 2002 Michael Shalayeff
@@ -1474,6 +1474,7 @@ pfsync_out_upd_c(struct pf_state *st, void *buf)
{
struct pfsync_upd_c *up = buf;
+ bzero(up, sizeof(*up));
up->id = st->id;
pf_state_peer_hton(&st->src, &up->src);
pf_state_peer_hton(&st->dst, &up->dst);
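Review bot: The added `bzero(up, sizeof(*up));` has no comment explaining why the whole struct is cleared; the reason appears only in the commit message. Since `up` aliases the caller's `buf` and the struct is sent to pfsync peers, any field `pf_state_peer_hton()` skips would otherwise carry whatever bytes were already in that buffer. I would put `/* clear it all: pf_state_peer_hton() may skip fields and this goes out on the wire */` above the call so a later cleanup does not narrow it back to `_pad`. Other serializers in this file that fill a wire struct through `pf_state_peer_hton()` may need the same treatment; they are not visible here, so that is worth checking. The body of `pfsync_out_upd_c` continues outside this hunk.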
@@ -1485,8 +1486,6 @@ pfsync_out_upd_c(struct pf_state *st, void *buf)
else
up->expire = htonl(up->expire - time_second);
up->timeout = st->timeout;
-
- bzero(up->_pad, sizeof(up->_pad)); /* XXX */
}
void