From 43c98758a46b9b51821ba2e951ec2757154ff4a0 Mon Sep 17 00:00:00 2001 From: Claudio Jeker Date: Wed, 12 May 2010 08:11:12 +0000 Subject: bzero() the full compressed update struct before setting the values. This is needed because pf_state_peer_hton() skips some fields in certain situations which could result in garbage beeing sent to the other peer. This seems to fix the pfsync storms seen by stephan@ and so dlg owes me a whiskey. OK dlg@, stephan@ --- sys/net/if_pfsync.c | 5 ++--- 1 file changed, 2 insertions(+), 3 deletions(-) (limited to 'sys/net') diff --git a/sys/net/if_pfsync.c b/sys/net/if_pfsync.c index 8e279d0091e..a5c00477df6 100644 --- a/sys/net/if_pfsync.c +++ b/sys/net/if_pfsync.c @@ -1,4 +1,4 @@ -/* $OpenBSD: if_pfsync.c,v 1.145 2010/04/25 17:38:53 mpf Exp $ */ +/* $OpenBSD: if_pfsync.c,v 1.146 2010/05/12 08:11:11 claudio Exp $ */ /* * Copyright (c) 2002 Michael Shalayeff @@ -1474,6 +1474,7 @@ pfsync_out_upd_c(struct pf_state *st, void *buf) { struct pfsync_upd_c *up = buf; + bzero(up, sizeof(*up)); up->id = st->id; pf_state_peer_hton(&st->src, &up->src); pf_state_peer_hton(&st->dst, &up->dst); @@ -1485,8 +1486,6 @@ pfsync_out_upd_c(struct pf_state *st, void *buf) else up->expire = htonl(up->expire - time_second); up->timeout = st->timeout; - - bzero(up->_pad, sizeof(up->_pad)); /* XXX */ } void -- cgit v1.2.3