Differential D53737

pf: fix udp_mapping cleanup
ClosedPublic
Actions

Authored by kp on Nov 13 2025, 3:23 PM.

Tags

None

Referenced Files

	F147325185: D53737.diff
	Tue, Mar 10, 12:06 AM

	Unknown Object (File)
	Sun, Mar 1, 11:10 PM

	Unknown Object (File)
	Sun, Mar 1, 5:39 PM

	Unknown Object (File)
	Thu, Feb 26, 4:36 PM

	Unknown Object (File)
	Thu, Feb 26, 1:12 PM

	Unknown Object (File)
	Sat, Feb 14, 2:46 PM

	Unknown Object (File)
	Jan 31 2026, 1:28 AM

	Unknown Object (File)
	Jan 31 2026, 1:28 AM

View All 38 Files

Subscribers

luke.hamburg_gmail.com

vegeta_tuxpowered.net

Details

Reviewers

Group Reviewers

network
pfsense

Commits

rG870a7a949bf9: pf: fix udp_mapping cleanup
rGc12013f5bb38: pf: fix udp_mapping cleanup

Summary

If we fail to obtain a new source port (pf_get_sport()) while we've
created a udp_mapping (for 'endpoint independent nat') we must free the
udp_mapping in pf_get_sport(). Otherwise the calling function will call
pf_udp_mapping_release(). This will then attempt to remove the udp_mapping from
a list it's not in, and crash.

Actually free the udp_mapping in all failure cases. While here sprinkle in a few
more assertions to ensure we don't forget leak udp_mappings and add a test case
to provoke this problem.

MFC after: 1 week
See also: https://redmine.pfsense.org/issues/16517
Sponsored by: Rubicon Communications, LLC ("Netgate")

Diff Detail

Repository

rG FreeBSD src repository

Lint

Lint Not Applicable

Unit

Tests Not Applicable

Event Timeline

kp created this revision.Nov 13 2025, 3:23 PM

Herald added subscribers: vegeta_tuxpowered.net, glebius, melifaro and 2 others. · View Herald TranscriptNov 13 2025, 3:23 PM

kp requested review of this revision.Nov 13 2025, 3:23 PM

Harbormaster completed remote builds in B68602: Diff 166366.Nov 13 2025, 3:23 PM

luke.hamburg_gmail.com added a subscriber: luke.hamburg_gmail.com.Nov 13 2025, 6:52 PM

thj accepted this revision.Nov 17 2025, 10:03 AM

This revision is now accepted and ready to land.Nov 17 2025, 10:03 AM

Closed by commit rGc12013f5bb38: pf: fix udp_mapping cleanup (authored by kp). · Explain WhyNov 17 2025, 3:48 PM

This revision was automatically updated to reflect the committed changes.

kp added a commit: rGc12013f5bb38: pf: fix udp_mapping cleanup.

kp added a commit: rG870a7a949bf9: pf: fix udp_mapping cleanup.Nov 25 2025, 9:50 AM

Revision Contents
Changeset List

Path

Size

sys/

netpfil/

pf/

29 lines

tests/

sys/

netpfil/

pf/

30 lines

Diff 166576

sys/netpfil/pf/pf_lb.c

Loading...

tests/sys/netpfil/pf/nat.sh

Loading...