On Mon, Jul 20, 2015 at 04:27:45AM +0900, Ryan McBride wrote:
ok mcbride@
err
I took a look at the patch one more time. I've realized PF must bind the rules
to state before STATE_INC_COUNTERS() gets called. Not doing so makes PF to
play games with dangling pointers to rule from state.
Hello,
It seems to me PF might leak rule items when pf_create_state() fails to create
state for matching packet.
The scenario is as follows:
packet matches couple of 'match' rules before it hits a 'pass' rule
match rules are kept in `rules` single list, which is a local variable
of
