CVSROOT: /cvs
Module name: src
Changes by: bl...@cvs.openbsd.org 2015/07/08 07:03:26
Modified files:
sys/net : pf.c
Log message:
Linking the local socket to pf states went wrong when IPsec was
involved. For outgoing packets the IPsec layer did not clear the
sending socket from the mbuf when the address changed. This resulted
in strange state match and create behavior in pf. So clear the pf
statekey and inp in the packet header for both directions when the
address changes.
Mark Patruck reported the bug, identified my problematic commit and
tested the fix.
OK mikeb@
