K 10
svn:author
V 3
gjb
K 8
svn:date
V 27
2015-07-30T17:06:28.073120Z
K 7
svn:log
V 725
MFS 286079:
MFC r285999 (kp):
  pf: Always initialise pf_fragment.fr_flags

  When we allocate the struct pf_fragment in pf_fillup_fragment() we
  forgot to initialise the fr_flags field. As a result we sometimes
  mistakenly thought the fragment to not be a buffered fragment.
  This resulted in panics because we'd end up freeing the pf_fragment
  but not removing it from V_pf_fragqueue (believing it to be part of
  V_pf_cachequeue).  The next time we iterated V_pf_fragqueue we'd use
  a freed object and panic.

  While here also fix a pf_fragment use after free in pf_normalize_ip().
  pf_reassemble() frees the pf_fragment, so we can't use it any more.

Approved by:	re (glebius)
Sponsored by:	The FreeBSD Foundation

END