git: f40b0e735177 - stable/14 - pf: try to lookup the icmp state based on a correct packet descriptor

From: Kristof Provost <kp_at_FreeBSD.org>
Date: Wed, 04 Sep 2024 08:53:31 UTC 
The branch stable/14 has been updated by kp:

URL: https://cgit.FreeBSD.org/src/commit/?id=f40b0e735177b25ce67fb488a93834168f4c16e1

commit f40b0e735177b25ce67fb488a93834168f4c16e1
Author:     Kristof Provost <kp@FreeBSD.org>
AuthorDate: 2024-08-26 14:42:05 +0000
Commit:     Kristof Provost <kp@FreeBSD.org>
CommitDate: 2024-09-04 08:38:15 +0000

    pf: try to lookup the icmp state based on a correct packet descriptor
    
    MFC after:      1 week
    Obtained from:  OpenBSD, mikeb <mikeb@openbsd.org>, e467ea25dcd3
    Sponsored by:   Rubicon Communications, LLC ("Netgate")
    
    (cherry picked from commit b8cd169efa6ac0899b4998898129765ae5c685a6)
---
 sys/netpfil/pf/pf.c | 4 ++--
 1 file changed, 2 insertions(+), 2 deletions(-)

diff --git a/sys/netpfil/pf/pf.c b/sys/netpfil/pf/pf.c
index 62ee12322e8b..5d492394eb87 100644
--- a/sys/netpfil/pf/pf.c
+++ b/sys/netpfil/pf/pf.c
@@ -7224,11 +7224,11 @@ pf_test_state_icmp(struct pf_kstate **state, struct pfi_kkif *kif,
 			    pd->dir, kif, virtual_id, virtual_type,
 			    icmp_dir, &iidx, PF_ICMP_MULTI_NONE, 1);
 			if (ret >= 0) {
-				if (ret == PF_DROP && pd->af == AF_INET6 &&
+				if (ret == PF_DROP && pd2.af == AF_INET6 &&
 				    icmp_dir == PF_OUT) {
 					if (*state != NULL)
 						PF_STATE_UNLOCK((*state));
-					ret = pf_icmp_state_lookup(&key, pd,
+					ret = pf_icmp_state_lookup(&key, &pd2,
 					    state, m, off, pd->dir, kif,
 					    virtual_id, virtual_type,
 					    icmp_dir, &iidx, multi, 1);