From 0cbf499e97e7e2df822105d60f96901274218bbe Mon Sep 17 00:00:00 2001
From: glebius
Date: Mon, 1 Sep 2014 13:00:45 +0000
Subject: [PATCH] Explicitly free packet on PF_DROP, otherwise a "quick" rule with "route-to" may still forward it.
PR: 177808
Submitted by: Kajetan Staszkiewicz
Sponsored by: InnoGames GmbH
---
 sys/netpfil/pf/pf.c | 8 ++++++++
 1 file changed, 8 insertions(+)
diff --git a/sys/netpfil/pf/pf.c b/sys/netpfil/pf/pf.c
index fdf9accf75d1..498a32179af4 100644
--- a/sys/netpfil/pf/pf.c
+++ b/sys/netpfil/pf/pf.c
@@ -6000,6 +6000,10 @@ done:
 *m0 = NULL;
 action = PF_PASS;
 break;
+ case PF_DROP:
+ m_freem(*m0);
+ *m0 = NULL;
+ break;
 default:
 /* pf_route() returns unlocked. */
 if (r->rt) {
@@ -6376,6 +6380,10 @@ done:
 *m0 = NULL;
 action = PF_PASS;
 break;
+ case PF_DROP:
+ m_freem(*m0);
+ *m0 = NULL;
+ break;
 default:
 /* pf_route6() returns unlocked. */
 if (r->rt) {
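Review bot: The new `case PF_DROP:` in the hunk at -6000 has no comment saying why a drop verdict must be consumed here instead of reaching `default:`, where `if (r->rt)` hands the packet to pf_route(); the identical case added in the hunk at -6376, ahead of pf_route6(), has the same gap. That ordering is what keeps a blocked packet from being forwarded by a route-to rule, so I would add above each case `/* Free on drop here: the default case would still route a packet whose rule has r->rt set. */`. The case also changes what callers observe: on PF_DROP `*m0` is now NULL and the mbuf is already freed, so any caller that frees `*m0` on a non-pass return needs a NULL check. The enclosing switch and the callers lie outside these hunks, so that is to be confirmed there.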