diff options
| author | Christiano F. Haesbaert <haesbaert@cvs.openbsd.org> | 2013-11-15 10:18:27 +0000 |
|---|---|---|
| committer | Christiano F. Haesbaert <haesbaert@cvs.openbsd.org> | 2013-11-15 10:18:27 +0000 |
| commit | 6e589d13d5a22dbf0557f9560ff0ea96ac3b0510 (patch) | |
| tree | f326828028199c22158c27509e2a1b6572311326 | |
| parent | 28f7f0e0c022cf25c6540bfb311267b7ba09cbfa (diff) | |
Forget socket linking on pf_pkt_addr_changed(), this fixes among other
things, setups with ipsec+ifbound.
The sympthon was that local IPSec packets (tunnel->tunnel) would not
match state after the latest pf_find_state() changes. The first packet
would go through, but the subsequent ones would fail the match and
collide later with the existing state.
ok henning@ markus@
| -rw-r--r-- | sys/net/pf.c | 6 |
1 files changed, 5 insertions, 1 deletions
diff --git a/sys/net/pf.c b/sys/net/pf.c index 07ae04e4f1c..bf060a789d0 100644 --- a/sys/net/pf.c +++ b/sys/net/pf.c @@ -1,4 +1,4 @@ -/* $OpenBSD: pf.c,v 1.857 2013/10/30 11:35:10 mpi Exp $ */ +/* $OpenBSD: pf.c,v 1.858 2013/11/15 10:18:26 haesbaert Exp $ */ /* * Copyright (c) 2001 Daniel Hartmeier @@ -6805,4 +6805,8 @@ void pf_pkt_addr_changed(struct mbuf *m) { m->m_pkthdr.pf.statekey = NULL; + if (m->m_pkthdr.pf.inp) { + m->m_pkthdr.pf.inp->inp_pf_sk = NULL; + m->m_pkthdr.pf.inp = NULL; + } } |