Subject: CVS commit: src/sys/dist/pf/net
To: None <source-changes@NetBSD.org>
From: Peter Postma <peter@netbsd.org>
List: source-changes
Date: 02/14/2005 21:27:27
Module Name:	src
Committed By:	peter
Date:		Mon Feb 14 21:27:26 UTC 2005

Modified Files:
	src/sys/dist/pf/net: pf.c

Log Message:
Merge in a fix from OPENBSD_3_6.
ok yamt@

> MFC:
> Fix by dhartmei@
>
> ICMP state entries use the ICMP ID as port for the unique state key. When
> checking for a usable key, construct the key in the same way. Otherwise,
> a colliding key might be missed or a state insertion might be refused even
> though it could be inserted. The second case triggers the endless loop
> fixed by 1.474, possibly allowing a NATed LAN client to lock up the kernel.
> Report and test data by Srebrenko Sehic.


To generate a diff of this commit:
cvs rdiff -r1.11 -r1.12 src/sys/dist/pf/net/pf.c

Please note that diffs are not public domain; they are subject to the
copyright notices on the relevant files.