svn commit: r271306 - stable/10/sys/netpfil/pf
Gleb Smirnoff
glebius at FreeBSD.org
Tue Sep 9 10:29:27 UTC 2014
Author: glebius
Date: Tue Sep 9 10:29:27 2014
New Revision: 271306
URL: http://svnweb.freebsd.org/changeset/base/271306
Log:
Merge r270928: explicitly free packet on PF_DROP, otherwise a "quick"
rule with "route-to" may still forward it.
PR: 177808
Approved by: re (gjb)
Modified:
stable/10/sys/netpfil/pf/pf.c
Directory Properties:
stable/10/ (props changed)
Modified: stable/10/sys/netpfil/pf/pf.c
==============================================================================
--- stable/10/sys/netpfil/pf/pf.c Tue Sep 9 10:13:46 2014 (r271305)
+++ stable/10/sys/netpfil/pf/pf.c Tue Sep 9 10:29:27 2014 (r271306)
@@ -6003,6 +6003,10 @@ done:
*m0 = NULL;
action = PF_PASS;
break;
+ case PF_DROP:
+ m_freem(*m0);
+ *m0 = NULL;
+ break;
default:
/* pf_route() returns unlocked. */
if (r->rt) {
@@ -6379,6 +6383,10 @@ done:
*m0 = NULL;
action = PF_PASS;
break;
+ case PF_DROP:
+ m_freem(*m0);
+ *m0 = NULL;
+ break;
default:
/* pf_route6() returns unlocked. */
if (r->rt) {
More information about the svn-src-all
mailing list