diff options
| author |   mikeb <mikeb@openbsd.org> | 2014-08-12 14:42:06 +0000 |
|---|---|---|
| committer | mikeb <mikeb@openbsd.org> | 2014-08-12 14:42:06 +0000 |
| commit | 247e78d2b99f5d6d6137f0983ade1b6d55189a8a (patch) | |
| tree | b03d5a6b8292cc07bc46fb87f5505d1f84d85e87 | |
| parent | Apart from some minor code reshuffling the big change is that we (diff) | |
| download | wireguard-openbsd-247e78d2b99f5d6d6137f0983ade1b6d55189a8a.tar.xz wireguard-openbsd-247e78d2b99f5d6d6137f0983ade1b6d55189a8a.zip | |
Make sure that pf_step_into_anchor always saves a pointer to the rule
that owns the anchor on the pf anchor stack. There's no reason why we
should check for depth here. As a side effect this makes sure that the
correct nested anchor gets it's counter bumped instead of the top most.
For the save/restore symmetry pf_step_out_of_anchor is made to always
restore previous value of the anchor rule. depth == 0 means what we a
at the top (main ruleset).
OK henning
| -rw-r--r-- | sys/net/pf.c | 6 |
1 files changed, 4 insertions, 2 deletions
diff --git a/sys/net/pf.c b/sys/net/pf.c index dae2d8b24da..b5fdc93ef4c 100644 --- a/sys/net/pf.c +++ b/sys/net/pf.c @@ -1,4 +1,4 @@ -/* $OpenBSD: pf.c,v 1.884 2014/08/12 14:38:27 mikeb Exp $ */ +/* $OpenBSD: pf.c,v 1.885 2014/08/12 14:42:06 mikeb Exp $ */ /* * Copyright (c) 2001 Daniel Hartmeier @@ -2668,7 +2668,7 @@ pf_step_into_anchor(int *depth, struct pf_ruleset **rs, log(LOG_ERR, "pf_step_into_anchor: stack overflow\n"); *r = TAILQ_NEXT(*r, entries); return; - } else if (*depth == 0 && a != NULL) + } else if (a != NULL) *a = *r; f = pf_anchor_stack + (*depth)++; f->rs = *rs; @@ -2713,6 +2713,8 @@ pf_step_out_of_anchor(int *depth, struct pf_ruleset **rs, (*depth)--; if (*depth == 0 && a != NULL) *a = NULL; + else if (a != NULL) + *a = f->r; *rs = f->rs; if (*match > *depth) { *match = *depth; |