CVSROOT: /cvs
Module name: src
Changes by: mi...@cvs.openbsd.org 2013/05/10 05:36:24
Modified files:
sys/net : if_pfsync.c pf.c pfvar.h
Log message:
Since pf_state_key_attach can decide to free the provided state
key we need to sync our state key pointers with whatever values
the function will pick. Not doing so will produce wrong results
if address translation must be applied afterwards and we happen
to have a state key collision. Then pf_translate will follow an
old pointer and punch in garbage addresses into the packet.
Noticed, initial patch and tests by Vitaly Sinilin <vs @ kp4 ! ru>
ok tedu, henning
