Fix a possible next-hop refcount leak when handling IPSec traffic.
It may be possible to fix this by deferring the lookup, but let's keep the initial change simple to make MFCs easier. PR: 246951 Reviewed by: melifaro MFC after: 1 week Sponsored by: The FreeBSD Foundation Differential Revision: https://reviews.freebsd.org/D25519
This commit is contained in:
parent
f6c03fc6d0
commit
d16a2e4784
Notes:
svn2git
2020-12-20 02:59:44 +00:00
svn path=/head/; revision=362840
@ -1028,6 +1028,7 @@ ip_forward(struct mbuf *m, int srcrt)
|
|||||||
if (IPSEC_ENABLED(ipv4)) {
|
if (IPSEC_ENABLED(ipv4)) {
|
||||||
if ((error = IPSEC_FORWARD(ipv4, m)) != 0) {
|
if ((error = IPSEC_FORWARD(ipv4, m)) != 0) {
|
||||||
/* mbuf consumed by IPsec */
|
/* mbuf consumed by IPsec */
|
||||||
|
RO_NHFREE(&ro);
|
||||||
m_freem(mcopy);
|
m_freem(mcopy);
|
||||||
if (error != EINPROGRESS)
|
if (error != EINPROGRESS)
|
||||||
IPSTAT_INC(ips_cantforward);
|
IPSTAT_INC(ips_cantforward);
|
||||||
|
Loading…
Reference in New Issue
Block a user