author | Claudio Jeker <claudio@cvs.openbsd.org> | 2010-05-12 08:11:12 +0000 |
---|---|---|
committer | Claudio Jeker <claudio@cvs.openbsd.org> | 2010-05-12 08:11:12 +0000 |
commit | 43c98758a46b9b51821ba2e951ec2757154ff4a0 (patch) | |
tree | 2ede00a969f7e7c8da1b0ec178063d5f429bb45f | |
parent | 73b25af4f81c0b4cad7f80f28a17c1f17cbd2bb9 (diff) |
bzero() the full compressed update struct before setting the values.
This is needed because pf_state_peer_hton() skips some fields in certain
situations which could result in garbage being sent to the other peer.
This seems to fix the pfsync storms seen by stephan@ and so dlg owes me
a whiskey.
OK dlg@, stephan@
-rw-r--r-- | sys/net/if_pfsync.c | 5 |
1 files changed, 2 insertions, 3 deletions
diff --git a/sys/net/if_pfsync.c b/sys/net/if_pfsync.c
index 8e279d0091e..a5c00477df6 100644
--- a/sys/net/if_pfsync.c
+++ b/sys/net/if_pfsync.c
@@ -1,4 +1,4 @@
-/* $OpenBSD: if_pfsync.c,v 1.145 2010/04/25 17:38:53 mpf Exp $ */
+/* $OpenBSD: if_pfsync.c,v 1.146 2010/05/12 08:11:11 claudio Exp $ */
 
 /*
 * Copyright (c) 2002 Michael Shalayeff
@@ -1474,6 +1474,7 @@ pfsync_out_upd_c(struct pf_state *st, void *buf)
 {
 struct pfsync_upd_c *up = buf;
 
+ bzero(up, sizeof(*up));
 up->id = st->id;
 pf_state_peer_hton(&st->src, &up->src);
 pf_state_peer_hton(&st->dst, &up->dst);
@@ -1485,8 +1486,6 @@ pfsync_out_upd_c(struct pf_state *st, void *buf)
 else
 up->expire = htonl(up->expire - time_second);
 up->timeout = st->timeout;
-
- bzero(up->_pad, sizeof(up->_pad)); /* XXX */
 }
 
 void
|
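Review bot: The added `bzero(up, sizeof(*up));` in pfsync_out_upd_c() has no comment explaining why the whole struct is cleared, so a later cleanup could narrow it back to the padding, which is the form this commit removes. Per the commit message, pf_state_peer_hton() leaves some destination fields unwritten in certain situations, so without the full clear those bytes of `buf` reach the peer with whatever the buffer held before; besides confusing the peer, that would presumably put stale kernel memory on the wire. I would put `/* clear all of *up: pf_state_peer_hton() may skip fields and this buffer is sent to the peer */` directly above the call. Any other writer that fills a wire struct through pf_state_peer_hton() is outside this diff and would be worth checking for the same partial initialisation. The middle of the function falls between the second and third hunks and is not shown.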