2726bbe221
prevents a possible endless loop in pf_get_sport() with 'static-port' ICMP state entries use the ICMP ID as port for the unique state key. When checking for a usable key, construct the key in the same way. Otherwise, a colliding key might be missed or a state insertion might be refused even though it could be inserted. The second case triggers the endless loop, possibly allowing a NATed LAN client to lock up the kernel. PR: kern/74930 Reported and tested by: Hugo Silva, Srebrenko Sehic MFC after: 3 days |
||
|---|---|---|
| .. | ||
| altq/altq | ||
| dev | ||
| ia64/libuwx | ||
| ipfilter/netinet | ||
| ngatm | ||
| pf | ||