Merge r270928: explicitly free packet on PF_DROP, otherwise a "quick"

rule with "route-to" may still forward it. PR: 177808 Approved by: re (gjb)
author: glebius <glebius@FreeBSD.org> 2014-09-09 10:29:27 +0000
committer: glebius <glebius@FreeBSD.org> 2014-09-09 10:29:27 +0000
commit: 39bf2b650932364d54f4ae2c2eb7200766d81816 (patch)
tree: 3165630d2a039d6e1da5b8a80f15b18ada9a7da9 /sys/netpfil
parent: e55bc1f0d75eb16747c8ed900a2b4bf9a08a0f6f (diff)
download: FreeBSD-src-39bf2b650932364d54f4ae2c2eb7200766d81816.zip
FreeBSD-src-39bf2b650932364d54f4ae2c2eb7200766d81816.tar.gz
1 files changed, 8 insertions, 0 deletions
diff --git a/sys/netpfil/pf/pf.c b/sys/netpfil/pf/pf.c
index 5ae383d..f7f16da 100644
--- a/sys/netpfil/pf/pf.c
+++ b/sys/netpfil/pf/pf.c
@@ -6003,6 +6003,10 @@ done:
 		*m0 = NULL;
 		action = PF_PASS;
 		break;
+	case PF_DROP:
+		m_freem(*m0);
+		*m0 = NULL;
+		break;
 	default:
 		/* pf_route() returns unlocked. */
 		if (r->rt) {
@@ -6379,6 +6383,10 @@ done:
 		*m0 = NULL;
 		action = PF_PASS;
 		break;
+	case PF_DROP:
+		m_freem(*m0);
+		*m0 = NULL;
+		break;
 	default:
 		/* pf_route6() returns unlocked. */
 		if (r->rt) {
author	glebius <glebius@FreeBSD.org>	2014-09-09 10:29:27 +0000
committer	glebius <glebius@FreeBSD.org>	2014-09-09 10:29:27 +0000
commit	39bf2b650932364d54f4ae2c2eb7200766d81816 (patch)
tree	3165630d2a039d6e1da5b8a80f15b18ada9a7da9 /sys/netpfil
parent	e55bc1f0d75eb16747c8ed900a2b4bf9a08a0f6f (diff)
download	FreeBSD-src-39bf2b650932364d54f4ae2c2eb7200766d81816.zip FreeBSD-src-39bf2b650932364d54f4ae2c2eb7200766d81816.tar.gz