authorHenning Brauer <henning@cvs.openbsd.org>2007-11-22 02:01:47 +0000
committerHenning Brauer <henning@cvs.openbsd.org>2007-11-22 02:01:47 +0000
commite56cf8c4d25f5cfd3a23aa89cb80d72aea7fda37 (patch)
treee544ce86a7de946ee636b579be6862639a5998ab /sys/net/pf.c
parent9fa599e1b5a4546a8704c3933d665873b8fe8c9d (diff)
pf_src_tree_remove_state() is called upon pf_insert_state() failures.
but pf_insert_state does fiddle with the state's state_key pointer - it has to -, and can leave it at NULL. pf_src_tree_remove_state() tried to grab the protocol from it. fortunately that is superfluous here, since tcp_est will never be set in the non-tcp case - it is only touched in pf_src_connlimit which in turn is only ever called from pf_test_tcp(). ok mcbride + identical diff from pascoe, but he was a few minutes late :)
Diffstat (limited to 'sys/net/pf.c')
-rw-r--r--sys/net/pf.c10
1 files changed, 5 insertions, 5 deletions
diff --git a/sys/net/pf.c b/sys/net/pf.c
index 1ed5c76320e..915ea6e1cd5 100644
--- a/sys/net/pf.c
+++ b/sys/net/pf.c
@@ -1,4 +1,4 @@
-/* $OpenBSD: pf.c,v 1.564 2007/11/18 21:53:47 deraadt Exp $ */
+/* $OpenBSD: pf.c,v 1.565 2007/11/22 02:01:46 henning Exp $ */
/*
* Copyright (c) 2001 Daniel Hartmeier
@@ -816,6 +816,8 @@ pf_insert_state(struct pfi_kif *kif, struct pf_state *s)
TAILQ_FOREACH(sp, &cur->states, next)
if (sp->kif == kif) { /* collision! */
pf_stateins_err("tree_lan_ext", s, kif);
+ pf_detach_state(s,
+ PF_DT_SKIP_LANEXT|PF_DT_SKIP_EXTGWY);
return (-1);
}
pf_detach_state(s, PF_DT_SKIP_LANEXT|PF_DT_SKIP_EXTGWY);
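Review bot: The collision branch now returns -1 with `s` already detached, and nothing at the new call documents that `s->state_key` can be NULL from that point on. Going by the commit message, that is the condition the cleanup in pf_src_tree_remove_state() tripped over, so any other code that runs after a failed pf_insert_state() presumably has to tolerate it as well. I would add a comment above the new call, for example `/* s->state_key may be NULL after this; failure-path cleanup must not dereference it */`. The body of pf_insert_state() starts and ends outside this hunk, so whether the callers already respect this cannot be checked here.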
@@ -958,10 +960,8 @@ pf_src_tree_remove_state(struct pf_state *s)
u_int32_t timeout;
if (s->src_node != NULL) {
- if (s->state_key->proto == IPPROTO_TCP) {
- if (s->src.tcp_est)
- --s->src_node->conn;
- }
+ if (s->src.tcp_est)
+ --s->src_node->conn;
if (--s->src_node->states <= 0) {
timeout = s->rule.ptr->timeout[PFTM_SRC_NODE];
if (!timeout)
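Review bot: The now unconditional `if (s->src.tcp_est)` is only correct because tcp_est is never set for non-TCP states, and that invariant is recorded only in the commit message. A comment above the test would keep a later change from reintroducing a `s->state_key` dereference here or from setting tcp_est on another path, for example `/* tcp_est is only set by pf_src_connlimit(), i.e. for TCP; state_key may be NULL here */`. The following context lines still read `s->rule.ptr->timeout[PFTM_SRC_NODE]`; whether `rule.ptr` is always valid on the insert-failure path is not visible in this hunk and is worth confirming. The function continues past the end of the hunk.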