summaryrefslogtreecommitdiff
path: root/sys/netinet
diff options
context:
space:
mode:
authorAlexandr Nedvedicky <sashan@cvs.openbsd.org>2016-01-25 18:49:58 +0000
committerAlexandr Nedvedicky <sashan@cvs.openbsd.org>2016-01-25 18:49:58 +0000
commit0a3d594e5eaa1ad580bf70b0ae560bac4e176d6c (patch)
treee55e0d3c099def9ec5727c3fbb4a5133bf24ed13 /sys/netinet
parentbb681191f6e6b68a301fe41df1fb713d2b824dce (diff)
- plugging massive pf_state_key leak
OK mpi@ dlg@ sthen@
Diffstat (limited to 'sys/netinet')
-rw-r--r--sys/netinet/ip_input.c5
1 files changed, 4 insertions, 1 deletions
diff --git a/sys/netinet/ip_input.c b/sys/netinet/ip_input.c
index 4ceb3de01cd..de0b2367b27 100644
--- a/sys/netinet/ip_input.c
+++ b/sys/netinet/ip_input.c
@@ -1,4 +1,4 @@
-/* $OpenBSD: ip_input.c,v 1.266 2016/01/21 11:23:48 mpi Exp $ */
+/* $OpenBSD: ip_input.c,v 1.267 2016/01/25 18:49:57 sashan Exp $ */
/* $NetBSD: ip_input.c,v 1.30 1996/03/16 23:53:58 christos Exp $ */
/*
@@ -1458,6 +1458,9 @@ ip_forward(struct mbuf *m, struct ifnet *ifp, int srcrt)
len = min(ntohs(ip->ip_len), 68);
m_copydata(m, 0, len, mfake.m_pktdat);
mfake.m_pkthdr.len = mfake.m_len = len;
+#if NPF > 0
+ pf_pkt_unlink_state_key(&mfake);
+#endif /* NPF > 0 */
fake = 1;
}
generated by cgit v1.2.3 (git 2.25.1) at 2024-12-04 14:28:29 +0000