2726bbe221
prevents a possible endless loop in pf_get_sport() with 'static-port' ICMP state entries use the ICMP ID as port for the unique state key. When checking for a usable key, construct the key in the same way. Otherwise, a colliding key might be missed or a state insertion might be refused even though it could be inserted. The second case triggers the endless loop, possibly allowing a NATed LAN client to lock up the kernel. PR: kern/74930 Reported and tested by: Hugo Silva, Srebrenko Sehic MFC after: 3 days |
||
---|---|---|
.. | ||
net | ||
netinet |