Date: Mon, 1 Sep 2014 13:00:45 +0000 (UTC) From: Gleb Smirnoff <glebius@FreeBSD.org> To: src-committers@freebsd.org, svn-src-all@freebsd.org, svn-src-head@freebsd.org Subject: svn commit: r270928 - head/sys/netpfil/pf Message-ID: <201409011300.s81D0jnF019058@svn.freebsd.org>
next in thread | raw e-mail | index | archive | help
Author: glebius Date: Mon Sep 1 13:00:45 2014 New Revision: 270928 URL: http://svnweb.freebsd.org/changeset/base/270928 Log: Explicitly free packet on PF_DROP, otherwise a "quick" rule with "route-to" may still forward it. PR: 177808 Submitted by: Kajetan Staszkiewicz <kajetan.staszkiewicz innogames.de> Sponsored by: InnoGames GmbH Modified: head/sys/netpfil/pf/pf.c Modified: head/sys/netpfil/pf/pf.c ============================================================================== --- head/sys/netpfil/pf/pf.c Mon Sep 1 09:30:34 2014 (r270927) +++ head/sys/netpfil/pf/pf.c Mon Sep 1 13:00:45 2014 (r270928) @@ -6000,6 +6000,10 @@ done: *m0 = NULL; action = PF_PASS; break; + case PF_DROP: + m_freem(*m0); + *m0 = NULL; + break; default: /* pf_route() returns unlocked. */ if (r->rt) { @@ -6376,6 +6380,10 @@ done: *m0 = NULL; action = PF_PASS; break; + case PF_DROP: + m_freem(*m0); + *m0 = NULL; + break; default: /* pf_route6() returns unlocked. */ if (r->rt) {
Want to link to this message? Use this URL: <https://mail-archive.FreeBSD.org/cgi/mid.cgi?201409011300.s81D0jnF019058>