Date: Tue, 9 Sep 2014 10:29:27 +0000 (UTC) From: Gleb Smirnoff <glebius@FreeBSD.org> To: src-committers@freebsd.org, svn-src-all@freebsd.org, svn-src-stable@freebsd.org, svn-src-stable-10@freebsd.org Subject: svn commit: r271306 - stable/10/sys/netpfil/pf Message-ID: <201409091029.s89ATR2p076287@svn.freebsd.org>
next in thread | raw e-mail | index | archive | help
Author: glebius Date: Tue Sep 9 10:29:27 2014 New Revision: 271306 URL: http://svnweb.freebsd.org/changeset/base/271306 Log: Merge r270928: explicitly free packet on PF_DROP, otherwise a "quick" rule with "route-to" may still forward it. PR: 177808 Approved by: re (gjb) Modified: stable/10/sys/netpfil/pf/pf.c Directory Properties: stable/10/ (props changed) Modified: stable/10/sys/netpfil/pf/pf.c ============================================================================== --- stable/10/sys/netpfil/pf/pf.c Tue Sep 9 10:13:46 2014 (r271305) +++ stable/10/sys/netpfil/pf/pf.c Tue Sep 9 10:29:27 2014 (r271306) @@ -6003,6 +6003,10 @@ done: *m0 = NULL; action = PF_PASS; break; + case PF_DROP: + m_freem(*m0); + *m0 = NULL; + break; default: /* pf_route() returns unlocked. */ if (r->rt) { @@ -6379,6 +6383,10 @@ done: *m0 = NULL; action = PF_PASS; break; + case PF_DROP: + m_freem(*m0); + *m0 = NULL; + break; default: /* pf_route6() returns unlocked. */ if (r->rt) {
Want to link to this message? Use this URL: <https://mail-archive.FreeBSD.org/cgi/mid.cgi?201409091029.s89ATR2p076287>