author | Henning Brauer <henning@cvs.openbsd.org> | 2008-07-22 12:31:36 +0000 |
---|---|---|
committer | Henning Brauer <henning@cvs.openbsd.org> | 2008-07-22 12:31:36 +0000 |
commit | 4a079fcf0de1c904c3e4ec3f80d833bcca9f0a7b (patch) | |
tree | 70c50f6f2a71652c3bdbe61306c4db80abf6eeb5 /sys | |
parent | 704888d9ed4cd8258d1d918a7483fd0fac6d97d4 (diff) |
after pf_state_key_attach nothing must use the state keys passed to it any
more, since they might have been invalidated and freed.
one synproxy error path did so, however. just get the state keys from the
state itself. ok david mcbride
Diffstat (limited to 'sys')
-rw-r--r-- | sys/net/pf.c | 13 |
1 files changed, 8 insertions, 5 deletions
diff --git a/sys/net/pf.c b/sys/net/pf.c
index 748527cc18f..7492a5dca91 100644
--- a/sys/net/pf.c
+++ b/sys/net/pf.c
@@ -1,4 +1,4 @@
-/* $OpenBSD: pf.c,v 1.612 2008/07/21 15:58:59 david Exp $ */
+/* $OpenBSD: pf.c,v 1.613 2008/07/22 12:31:35 henning Exp $ */
 /*
 * Copyright (c) 2001 Daniel Hartmeier
@@ -3537,12 +3537,15 @@ pf_create_state(struct pf_rule *r, struct pf_rule *nr, struct pf_rule *a,
 s->src.state = PF_TCPS_PROXY_SRC;
 /* undo NAT changes, if they have taken place */
 if (nr != NULL) {
- PF_ACPY(pd->src, &sk->addr[pd->sidx], pd->af);
- PF_ACPY(pd->dst, &sk->addr[pd->didx], pd->af);
+ struct pf_state_key *skt = s->key[PF_SK_WIRE];
+ if (pd->dir == PF_OUT)
+ skt = s->key[PF_SK_STACK];
+ PF_ACPY(pd->src, &skt->addr[pd->sidx], pd->af);
+ PF_ACPY(pd->dst, &skt->addr[pd->didx], pd->af);
 if (pd->sport)
- *pd->sport = sk->port[pd->sidx];
+ *pd->sport = skt->port[pd->sidx];
 if (pd->dport)
- *pd->dport = sk->port[pd->didx];
+ *pd->dport = skt->port[pd->didx];
 if (pd->proto_sum)
 *pd->proto_sum = bproto_sum;
 if (pd->ip_sum)
|
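Review bot: The new `skt` block under `if (nr != NULL)` has no comment saying why the keys are read from `s->key[]` rather than `sk`, so the lifetime rule from the commit message (keys handed to the attach routine may already be freed) lives only in the log and a later edit could reintroduce the stale pointer. I would add `/* sk/nk may have been freed on attach; only s->key[] is valid from here on */` above the declaration. A second short comment should say that `PF_OUT` selects `PF_SK_STACK` because that side holds the pre-translation addresses; this is my reading of the replaced `sk` accesses and should be confirmed. `sk` also appears to stay in scope after this point, so if the call that attaches the keys is in this function (it is outside the hunk), setting the local pointers to NULL right after it would make any future misuse fault immediately instead of silently reading freed memory. pf_create_state starts and ends outside the hunk, so other uses of `sk`/`nk` on later paths cannot be checked from here.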