pf: Don't access sk and nk before they are allocated
ClosedPublic
Actions

Authored by vegeta_tuxpowered.net on Jun 9 2025, 9:30 PM.

Tags

None

Referenced Files

	Unknown Object (File)
	Fri, Nov 28, 7:35 PM

	Unknown Object (File)
	Nov 10 2025, 10:42 PM

	Unknown Object (File)
	Nov 8 2025, 4:16 AM

	Unknown Object (File)
	Oct 29 2025, 9:36 AM

	Unknown Object (File)
	Oct 29 2025, 7:53 AM

	Unknown Object (File)
	Oct 29 2025, 7:44 AM

	Unknown Object (File)
	Oct 29 2025, 7:26 AM

	Unknown Object (File)
	Oct 24 2025, 12:24 PM

Subscribers

Details

Reviewers

Commits

rG16a9f31b8aae: pf: Don't access sk and nk before they are allocated

Summary

The NAT addresses are chosen during ruleset parsing. The new af-to code stores
post-nat addresses in nsaddr. The old nat code (also used for new nat-to rules)
creates state keys and stores addresses in them.

Ensure proper way of accessing the NAT addresses in case sticky-address
is used for af-to rules.

Diff Detail

Repository

rG FreeBSD src repository

Lint

Lint Not Applicable

Unit

Tests Not Applicable

Event Timeline

vegeta_tuxpowered.net created this revision.Jun 9 2025, 9:30 PM

Herald added subscribers: glebius, melifaro, farrokhi, imp. · View Herald TranscriptJun 9 2025, 9:30 PM

vegeta_tuxpowered.net requested review of this revision.Jun 9 2025, 9:30 PM

Approved.

This revision is now accepted and ready to land.Jun 10 2025, 7:56 PM

Closed by commit rG16a9f31b8aae: pf: Don't access sk and nk before they are allocated (authored by vegeta_tuxpowered.net). · Explain WhyJul 12 2025, 2:32 PM

This revision was automatically updated to reflect the committed changes.

vegeta_tuxpowered.net added a commit: rG16a9f31b8aae: pf: Don't access sk and nk before they are allocated.

Revision Contents
Changeset List

Path

Size

sys/

netpfil/

pf/

pf.c

9 lines

Diff 158371

View Options

pf: Don't access sk and nk before they are allocatedClosedPublicActions