From 44c84cf4a98b56b65a39afb7d581c5bc8a74ab9e Mon Sep 17 00:00:00 2001 From: henning Date: Tue, 22 Jul 2008 12:31:35 +0000 Subject: [PATCH] after pf_state_key_atach nothing must use the state keys passed to it any more, since they might have been invalidated and free'd. one synproxy errorpath did so, however. just get the state keys from the state itself. ok david mcbride --- sys/net/pf.c | 13 ++++++++----- 1 file changed, 8 insertions(+), 5 deletions(-) diff --git a/sys/net/pf.c b/sys/net/pf.c index 748527cc18f..7492a5dca91 100644 --- a/sys/net/pf.c +++ b/sys/net/pf.c @@ -1,4 +1,4 @@ -/* $OpenBSD: pf.c,v 1.612 2008/07/21 15:58:59 david Exp $ */ +/* $OpenBSD: pf.c,v 1.613 2008/07/22 12:31:35 henning Exp $ */ /* * Copyright (c) 2001 Daniel Hartmeier @@ -3537,12 +3537,15 @@ pf_create_state(struct pf_rule *r, struct pf_rule *nr, struct pf_rule *a, s->src.state = PF_TCPS_PROXY_SRC; /* undo NAT changes, if they have taken place */ if (nr != NULL) { - PF_ACPY(pd->src, &sk->addr[pd->sidx], pd->af); - PF_ACPY(pd->dst, &sk->addr[pd->didx], pd->af); + struct pf_state_key *skt = s->key[PF_SK_WIRE]; + if (pd->dir == PF_OUT) + skt = s->key[PF_SK_STACK]; + PF_ACPY(pd->src, &skt->addr[pd->sidx], pd->af); + PF_ACPY(pd->dst, &skt->addr[pd->didx], pd->af); if (pd->sport) - *pd->sport = sk->port[pd->sidx]; + *pd->sport = skt->port[pd->sidx]; if (pd->dport) - *pd->dport = sk->port[pd->didx]; + *pd->dport = skt->port[pd->didx]; if (pd->proto_sum) *pd->proto_sum = bproto_sum; if (pd->ip_sum) -- 2.20.1