diff options
author | Joel Sing <jsing@cvs.openbsd.org> | 2008-10-02 15:12:46 +0000 |
---|---|---|
committer | Joel Sing <jsing@cvs.openbsd.org> | 2008-10-02 15:12:46 +0000 |
commit | 7d08047fa5a352aa1290283c9c28329fd7b17473 (patch) | |
tree | ddd966b3c9b0d5c8e8250a6f3a16e9e794b29e13 /usr.sbin/user | |
parent | e00abcef163736430583ff4abd45f99ba5b50c8f (diff) |
When redirect is used with sticky-address and a matching pass rule uses
reply-to, the sticky-address in the source tracking pool is overwritten
with the reply-to address, resulting in new connections being incorrectly
redirected to the reply-to host (instead of the sticky-address host).
Prevent this by passing a NULL source node reference to pf_map_addr() when
looking up the reply-to host, thus preventing the NAT source node from
being overwritten.
ok mcbride@ henning@
Diffstat (limited to 'usr.sbin/user')
0 files changed, 0 insertions, 0 deletions