CVSROOT: /cvs
Module name: src
Changes by: sas...@cvs.openbsd.org 2023/07/04 05:34:20
Modified files:
libexec/snmpd/snmpd_metrics: mib.c
sys/net : pf_ioctl.c pfvar.h
usr.bin/systat : pftop.c
Log message:
The recent change to DIOCGETRULE allows applications which
periodically read rules from pf(4) to consume all kernel
memory. The bug has been discovered and root caused by florian@.
In this particular case it was snmpd(8) what ate all kernel
memory.
This commit introduces DIOCXEND to pf(4) so applications such
as snmpd(8) and systat(1) to close ticket/transaction when
they are done with fetching the rules. This change also
updates snmpd(8) and systat(1) to use newly introduced
DIOCXEND ioctl(2).
OK claudio@, deraadt@, kn@
