diff options
| author |   mcbride <mcbride@openbsd.org> | 2008-07-01 13:07:02 +0000 |
|---|---|---|
| committer | mcbride <mcbride@openbsd.org> | 2008-07-01 13:07:02 +0000 |
| commit | 2556b8c40d0ac1af116192fb906e6e3572bf0811 (patch) | |
| tree | fa4978e1d59e2b0afd3a64ac8bda93a404a07cb1 | |
| parent | PF_DT_SKIP_STATETREE is no longer used. (diff) | |
| download | wireguard-openbsd-2556b8c40d0ac1af116192fb906e6e3572bf0811.tar.xz wireguard-openbsd-2556b8c40d0ac1af116192fb906e6e3572bf0811.zip | |
Don't return immediately if we're actually passing the traffic, we want to
ensure that the packet gets rewritten correctly first.
As usual, problem pointed out by david
ok henning
| -rw-r--r-- | sys/net/pf.c | 3 |
1 files changed, 2 insertions, 1 deletions
diff --git a/sys/net/pf.c b/sys/net/pf.c index 475e0717817..4b3791f0c1f 100644 --- a/sys/net/pf.c +++ b/sys/net/pf.c @@ -1,4 +1,4 @@ -/* $OpenBSD: pf.c,v 1.602 2008/07/01 12:56:19 mcbride Exp $ */ +/* $OpenBSD: pf.c,v 1.603 2008/07/01 13:07:02 mcbride Exp $ */ /* * Copyright (c) 2001 Daniel Hartmeier @@ -3350,6 +3350,7 @@ pf_test_rule(struct pf_rule **rm, struct pf_state **sm, int direction, action = pf_create_state(r, nr, a, pd, nsn, skw, sks, nk, sk, m, off, sport, dport, &rewrite, kif, sm, tag, bproto_sum, bip_sum, hdrlen); + if (action != PF_PASS) return (action); } |