diff options
| author | Ryan Thomas McBride <mcbride@cvs.openbsd.org> | 2008-06-19 04:53:22 +0000 |
|---|---|---|
| committer | Ryan Thomas McBride <mcbride@cvs.openbsd.org> | 2008-06-19 04:53:22 +0000 |
| commit | ab6a1b0ade3bdae262aff69a63f1b064a2e913f8 (patch) | |
| tree | c5aad4367f0fed2717d3c25e9ee07109a06c695f /sys/net | |
| parent | 8752ca1e71a285e3ae1fd5366cf12f7bd9db3907 (diff) | |
Fix handling check for NAT and creation of a second pf_state_key in pfsync.
Problem report and testing by david@
Diffstat (limited to 'sys/net')
| -rw-r--r-- | sys/net/if_pfsync.c | 17 |
1 files changed, 9 insertions, 8 deletions
diff --git a/sys/net/if_pfsync.c b/sys/net/if_pfsync.c index 49f2c074a19..33e1063db14 100644 --- a/sys/net/if_pfsync.c +++ b/sys/net/if_pfsync.c @@ -1,4 +1,4 @@ -/* $OpenBSD: if_pfsync.c,v 1.96 2008/06/10 22:39:31 mcbride Exp $ */ +/* $OpenBSD: if_pfsync.c,v 1.97 2008/06/19 04:53:21 mcbride Exp $ */ /* * Copyright (c) 2002 Michael Shalayeff @@ -279,17 +279,18 @@ pfsync_insert_net_state(struct pfsync_state *sp, u_int8_t chksum_flag) pfi_kif_unref(kif, PFI_KIF_REF_NONE); return (ENOMEM); } - if ((PF_ANEQ(&sp->key[PF_SK_WIRE].addr[0], + if (PF_ANEQ(&sp->key[PF_SK_WIRE].addr[0], &sp->key[PF_SK_STACK].addr[0], sp->af) || PF_ANEQ(&sp->key[PF_SK_WIRE].addr[1], &sp->key[PF_SK_STACK].addr[1], sp->af) || sp->key[PF_SK_WIRE].port[0] != sp->key[PF_SK_STACK].port[0] || - sp->key[PF_SK_WIRE].port[1] != sp->key[PF_SK_STACK].port[1]) && - (sks = pf_alloc_state_key()) == NULL) { - pool_put(&pf_state_pl, st); - pfi_kif_unref(kif, PFI_KIF_REF_NONE); - pool_put(&pf_state_key_pl, skw); - return (ENOMEM); + sp->key[PF_SK_WIRE].port[1] != sp->key[PF_SK_STACK].port[1]) { + if ((sks = pf_alloc_state_key()) == NULL) { + pool_put(&pf_state_pl, st); + pfi_kif_unref(kif, PFI_KIF_REF_NONE); + pool_put(&pf_state_key_pl, skw); + return (ENOMEM); + } } else sks = skw; |