pf(4) must not pass packet if state cannot be created.
author bluhm <bluhm@openbsd.org>
Tue, 10 Oct 2023 16:26:06 +0000 (16:26 +0000)
committer bluhm <bluhm@openbsd.org>
Tue, 10 Oct 2023 16:26:06 +0000 (16:26 +0000)
commit 89860f872aa418b0d4a11598306a3c65a1dae396
tree 698d98209b6f172f822a16646f3a5de3e9bdb291
parent c4f11a127652779ac3804b8bfaeb83b0f4b24955
pf(4) must not pass packet if state cannot be created.

The behavior of the PFRULE_SRCTRACK and max_states check was
unintentionally changed by commit revision 1.964.  If the state was
not created because some limit had been reached, pf still passed the
packet.  Restore the old logic by setting action to pass later,
after the checks.  In pf_test_rule() action is initialized to drop.

OK sashan@
sys/net/pf.c
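
The ordering this commit message describes, as an added example that is not OpenBSD's pf code: a simplified C model in which the verdict starts as drop and becomes pass only after state creation succeeds, shown next to a fail-open ordering for contrast. All type and function names here are hypothetical.

```c
#include <stdbool.h>
#include <stddef.h>

/* Simplified model; none of these names are pf's own. */
enum verdict { VERDICT_DROP, VERDICT_PASS };

struct state_table { size_t count, max; };
struct rule { bool pass; bool keep_state; };

/* Returns false when the table limit has been reached. */
static bool state_create(struct state_table *t)
{
    if (t->count >= t->max)
        return false;
    t->count++;
    return true;
}

/* Fail-open ordering: the verdict is set to pass before the limit
 * check, and a failed state insert does not change it. */
enum verdict test_rule_fail_open(const struct rule *r, struct state_table *t)
{
    enum verdict action = VERDICT_DROP;
    if (r->pass)
        action = VERDICT_PASS;
    if (r->pass && r->keep_state)
        (void)state_create(t);          /* failure ignored */
    return action;
}

/* Fail-closed ordering: the verdict stays at its initial drop value
 * until every check, including state creation, has succeeded. */
enum verdict test_rule_fail_closed(const struct rule *r, struct state_table *t)
{
    enum verdict action = VERDICT_DROP;
    if (!r->pass)
        return action;
    if (r->keep_state && !state_create(t))
        return action;                  /* limit reached: still drop */
    action = VERDICT_PASS;              /* set only after the checks */
    return action;
}

int main(void)
{
    struct rule r = { true, true };
    struct state_table full = { 1, 1 }; /* constructed: table at its limit */
    return test_rule_fail_closed(&r, &full) == VERDICT_DROP ? 0 : 1;
}
```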