K 10
svn:author
V 3
gjb
K 8
svn:date
V 27
2015-07-30T16:06:13.333835Z
K 7
svn:log
V 709
MFC r285999 (kp):
  pf: Always initialise pf_fragment.fr_flags

  When we allocate the struct pf_fragment in pf_fillup_fragment() we
  forgot to initialise the fr_flags field. As a result we sometimes
  mistakenly thought the fragment to not be a buffered fragment.
  This resulted in panics because we'd end up freeing the pf_fragment
  but not removing it from V_pf_fragqueue (believing it to be part of
  V_pf_cachequeue).  The next time we iterated V_pf_fragqueue we'd use
  a freed object and panic.

  While here also fix a pf_fragment use after free in pf_normalize_ip().
  pf_reassemble() frees the pf_fragment, so we can't use it any more.

X-MFS-To:	releng/10.2
Sponsored by:	The FreeBSD Foundation

END