Subject: CVS commit: src/sys/dist/pf/net
To: None <source-changes@NetBSD.org>
From: Peter Postma <peter@netbsd.org>
List: source-changes
Date: 02/14/2005 21:27:27
Module Name: src
Committed By: peter
Date: Mon Feb 14 21:27:26 UTC 2005
Modified Files:
src/sys/dist/pf/net: pf.c
Log Message:
Merge in a fix from OPENBSD_3_6.
ok yamt@
> MFC:
> Fix by dhartmei@
>
> ICMP state entries use the ICMP ID as port for the unique state key. When
> checking for a usable key, construct the key in the same way. Otherwise,
> a colliding key might be missed or a state insertion might be refused even
> though it could be inserted. The second case triggers the endless loop
> fixed by 1.474, possibly allowing a NATed LAN client to lock up the kernel.
> Report and test data by Srebrenko Sehic.
To generate a diff of this commit:
cvs rdiff -r1.11 -r1.12 src/sys/dist/pf/net/pf.c
Please note that diffs are not public domain; they are subject to the
copyright notices on the relevant files.