Differential D53737

pf: fix udp_mapping cleanup
ClosedPublic
Actions

Authored by kp on Nov 13 2025, 3:23 PM.

Tags

None

Referenced Files

	Unknown Object (File)
	Sun, Mar 29, 12:42 PM

	Unknown Object (File)
	Wed, Mar 25, 11:11 AM

	Unknown Object (File)
	Mon, Mar 16, 10:18 PM

	Unknown Object (File)
	Fri, Mar 13, 4:44 AM

	Unknown Object (File)
	Tue, Mar 10, 10:43 PM

	Unknown Object (File)
	Tue, Mar 10, 5:33 PM

	Unknown Object (File)
	Tue, Mar 10, 12:06 AM

	Unknown Object (File)
	Mar 1 2026, 11:10 PM

View All 44 Files

Subscribers

luke.hamburg_gmail.com

vegeta_tuxpowered.net

Details

Reviewers

Group Reviewers

network
pfsense

Commits

rG870a7a949bf9: pf: fix udp_mapping cleanup
rGc12013f5bb38: pf: fix udp_mapping cleanup

Summary

If we fail to obtain a new source port (pf_get_sport()) while we've
created a udp_mapping (for 'endpoint independent nat') we must free the
udp_mapping in pf_get_sport(). Otherwise the calling function will call
pf_udp_mapping_release(). This will then attempt to remove the udp_mapping from
a list it's not in, and crash.

Actually free the udp_mapping in all failure cases. While here sprinkle in a few
more assertions to ensure we don't forget leak udp_mappings and add a test case
to provoke this problem.

MFC after: 1 week
See also: https://redmine.pfsense.org/issues/16517
Sponsored by: Rubicon Communications, LLC ("Netgate")

Diff Detail

Repository

rG FreeBSD src repository

Lint

Lint Not Applicable

Unit

Tests Not Applicable

Event Timeline

kp created this revision.Nov 13 2025, 3:23 PM

Herald added subscribers: vegeta_tuxpowered.net, glebius, melifaro and 2 others. · View Herald TranscriptNov 13 2025, 3:23 PM

kp requested review of this revision.Nov 13 2025, 3:23 PM

Harbormaster completed remote builds in B68602: Diff 166366.Nov 13 2025, 3:23 PM

luke.hamburg_gmail.com added a subscriber: luke.hamburg_gmail.com.Nov 13 2025, 6:52 PM

thj accepted this revision.Nov 17 2025, 10:03 AM

This revision is now accepted and ready to land.Nov 17 2025, 10:03 AM

Closed by commit rGc12013f5bb38: pf: fix udp_mapping cleanup (authored by kp). · Explain WhyNov 17 2025, 3:48 PM

This revision was automatically updated to reflect the committed changes.

kp added a commit: rGc12013f5bb38: pf: fix udp_mapping cleanup.

kp added a commit: rG870a7a949bf9: pf: fix udp_mapping cleanup.Nov 25 2025, 9:50 AM

Revision Contents
Changeset List

Path

Size

sys/

netpfil/

pf/

29 lines

tests/

sys/

netpfil/

pf/

30 lines

Diff 166576

sys/netpfil/pf/pf_lb.c

Loading...

tests/sys/netpfil/pf/nat.sh

Loading...