svn commit: r270928 - head/sys/netpfil/pf
Gleb Smirnoff
glebius at FreeBSD.org
Mon Sep 1 13:00:46 UTC 2014
Author: glebius
Date: Mon Sep 1 13:00:45 2014
New Revision: 270928
URL: http://svnweb.freebsd.org/changeset/base/270928
Log:
Explicitly free packet on PF_DROP, otherwise a "quick" rule with
"route-to" may still forward it.
PR: 177808
Submitted by: Kajetan Staszkiewicz <kajetan.staszkiewicz innogames.de>
Sponsored by: InnoGames GmbH
Modified:
head/sys/netpfil/pf/pf.c
Modified: head/sys/netpfil/pf/pf.c
==============================================================================
--- head/sys/netpfil/pf/pf.c Mon Sep 1 09:30:34 2014 (r270927)
+++ head/sys/netpfil/pf/pf.c Mon Sep 1 13:00:45 2014 (r270928)
@@ -6000,6 +6000,10 @@ done:
*m0 = NULL;
action = PF_PASS;
break;
+ case PF_DROP:
+ m_freem(*m0);
+ *m0 = NULL;
+ break;
default:
/* pf_route() returns unlocked. */
if (r->rt) {
@@ -6376,6 +6380,10 @@ done:
*m0 = NULL;
action = PF_PASS;
break;
+ case PF_DROP:
+ m_freem(*m0);
+ *m0 = NULL;
+ break;
default:
/* pf_route6() returns unlocked. */
if (r->rt) {
More information about the svn-src-head
mailing list