pf: Don't access sk and nk before they are allocated
ClosedPublic
Actions

Authored by vegeta_tuxpowered.net on Jun 9 2025, 9:30 PM.

Tags

None

Referenced Files

	Unknown Object (File)
	Fri, Mar 27, 4:43 AM

	Unknown Object (File)
	Fri, Mar 27, 12:30 AM

	Unknown Object (File)
	Thu, Mar 26, 9:52 PM

	Unknown Object (File)
	Thu, Mar 26, 2:19 PM

	Unknown Object (File)
	Tue, Mar 17, 12:39 PM

	Unknown Object (File)
	Sat, Mar 14, 4:26 PM

	Unknown Object (File)
	Feb 8 2026, 8:01 AM

	Unknown Object (File)
	Feb 8 2026, 12:06 AM

Subscribers

Details

Reviewers

Commits

rG16a9f31b8aae: pf: Don't access sk and nk before they are allocated

Summary

The NAT addresses are chosen during ruleset parsing. The new af-to code stores
post-nat addresses in nsaddr. The old nat code (also used for new nat-to rules)
creates state keys and stores addresses in them.

Ensure proper way of accessing the NAT addresses in case sticky-address
is used for af-to rules.

Diff Detail

Repository

rG FreeBSD src repository

Lint

Lint Not Applicable

Unit

Tests Not Applicable

Event Timeline

vegeta_tuxpowered.net created this revision.Jun 9 2025, 9:30 PM

Herald added subscribers: glebius, melifaro, farrokhi, imp. · View Herald TranscriptJun 9 2025, 9:30 PM

vegeta_tuxpowered.net requested review of this revision.Jun 9 2025, 9:30 PM

Approved.

This revision is now accepted and ready to land.Jun 10 2025, 7:56 PM

Closed by commit rG16a9f31b8aae: pf: Don't access sk and nk before they are allocated (authored by vegeta_tuxpowered.net). · Explain WhyJul 12 2025, 2:32 PM

This revision was automatically updated to reflect the committed changes.

vegeta_tuxpowered.net added a commit: rG16a9f31b8aae: pf: Don't access sk and nk before they are allocated.

Revision Contents
Changeset List

Path

Size

sys/

netpfil/

pf/

pf.c

9 lines

Diff 158371

View Options

pf: Don't access sk and nk before they are allocatedClosedPublicActions