|
1
|
diff --git a/sys/netpfil/pf/pf.c b/sys/netpfil/pf/pf.c
|
|
2
|
index 4303676..da0db1e 100644
|
|
3
|
--- a/sys/netpfil/pf/pf.c
|
|
4
|
+++ b/sys/netpfil/pf/pf.c
|
|
5
|
@@ -6102,7 +6102,14 @@ pf_test(int dir, struct ifnet *ifp, struct mbuf **m0, struct inpcb *inp)
|
|
6
|
if (m->m_flags & M_SKIP_FIREWALL)
|
|
7
|
return (PF_PASS);
|
|
8
|
|
|
9
|
- pd.pf_mtag = pf_find_mtag(m);
|
|
10
|
+ pd.pf_mtag = pf_get_mtag(m);
|
|
11
|
+ if (pd.pf_mtag == NULL) {
|
|
12
|
+ REASON_SET(&reason, PFRES_MEMORY);
|
|
13
|
+ log = 1;
|
|
14
|
+ DPFPRINTF(PF_DEBUG_MISC,
|
|
15
|
+ ("pf: dropping packet due to failed memory allocation for tags\n"));
|
|
16
|
+ return PF_DROP;
|
|
17
|
+ }
|
|
18
|
|
|
19
|
PF_RULES_RLOCK();
|
|
20
|
|
|
21
|
@@ -6568,7 +6575,14 @@ pf_test6(int dir, struct ifnet *ifp, struct mbuf **m0, struct inpcb *inp)
|
|
22
|
return (PF_PASS);
|
|
23
|
|
|
24
|
memset(&pd, 0, sizeof(pd));
|
|
25
|
- pd.pf_mtag = pf_find_mtag(m);
|
|
26
|
+ pd.pf_mtag = pf_get_mtag(m);
|
|
27
|
+ if (pd.pf_mtag == NULL) {
|
|
28
|
+ REASON_SET(&reason, PFRES_MEMORY);
|
|
29
|
+ log = 1;
|
|
30
|
+ DPFPRINTF(PF_DEBUG_MISC,
|
|
31
|
+ ("pf: dropping packet due to failed memory allocation for tags\n"));
|
|
32
|
+ return PF_DROP;
|
|
33
|
+ }
|
|
34
|
|
|
35
|
if (pd.pf_mtag && pd.pf_mtag->flags & PF_TAG_GENERATED)
|
|
36
|
return (PF_PASS);
|