On Thu, Oct 09, 2003 at 12:28:02PM -0600, Colin Harford wrote:
> it is a recent kernel from 7 days ago...
Looks like it was introduced with pf.c 1.391 (post-3.4 -current), and
the patch below should fix it. Certain invalid packets would cause
uninitialized values to be added to the byte counters; there is no
overwriting or overflow.
Daniel
Index: pf.c
===================================================================
RCS file: /cvs/src/sys/net/pf.c,v
retrieving revision 1.393
diff -u -r1.393 pf.c
--- pf.c 2 Oct 2003 05:47:30 -0000 1.393
+++ pf.c 10 Oct 2003 07:10:30 -0000
@@ -4739,6 +4739,7 @@
panic("non-M_PKTHDR is passed to pf_test");
#endif
+ memset(&pd, 0, sizeof(pd));
if (m->m_pkthdr.len < (int)sizeof(*h)) {
action = PF_DROP;
REASON_SET(&reason, PFRES_SHORT);
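Review bot: The relocated `memset(&pd, 0, sizeof(pd));` is now order-critical, but nothing at the call site says so, and a later cleanup could move it back below the early-exit checks. Going by the description, the code reached through `goto done` reads pd fields for the byte counters, so pd has to be zeroed before the first check that can bail out. I would add a comment above it such as `/* zero pd before any early exit: the accounting at done reads it */`. The same comment belongs on the matching IPv6 hunk at `@@ -4981,6 +4981,7 @@`. The enclosing function starts and ends outside this hunk, so the exact fields read at `done` should be confirmed against the full source.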
@@ -4762,7 +4763,6 @@
goto done;
}
- memset(&pd, 0, sizeof(pd));
pd.src = (struct pf_addr *)&h->ip_src;
pd.dst = (struct pf_addr *)&h->ip_dst;
pd.ip_sum = &h->ip_sum;
@@ -4981,6 +4981,7 @@
panic("non-M_PKTHDR is passed to pf_test");
#endif
+ memset(&pd, 0, sizeof(pd));
if (m->m_pkthdr.len < (int)sizeof(*h)) {
action = PF_DROP;
REASON_SET(&reason, PFRES_SHORT);
@@ -4996,7 +4997,6 @@
m = *m0;
h = mtod(m, struct ip6_hdr *);
- memset(&pd, 0, sizeof(pd));
pd.src = (struct pf_addr *)&h->ip6_src;
pd.dst = (struct pf_addr *)&h->ip6_dst;
pd.ip_sum = NULL;