Author :
sashan
Date :
2023-07-04 11:34:19
Hash :d2364f60 Message :The recent change to DIOCGETRULE allows applications which
periodically read rules from pf(4) to consume all kernel
memory. The bug has been discovered and root caused by florian@.
In this particular case it was snmpd(8) what ate all kernel
memory.
This commit introduces DIOCXEND to pf(4) so applications such
as snmpd(8) and systat(1) to close ticket/transaction when
they are done with fetching the rules. This change also
updates snmpd(8) and systat(1) to use newly introduced
DIOCXEND ioctl(2).
OK claudio@, deraadt@, kn@