diff options
| author |   mcbride <mcbride@openbsd.org> | 2008-06-21 02:05:46 +0000 |
|---|---|---|
| committer | mcbride <mcbride@openbsd.org> | 2008-06-21 02:05:46 +0000 |
| commit | 4fc07df708030d06537ac6f82cd95ae59369307b (patch) | |
| tree | 49e73a9e641722c37318f418ca6bd9798f9ed662 | |
| parent | Don't parse CVS/Root during import. (diff) | |
| download | wireguard-openbsd-4fc07df708030d06537ac6f82cd95ae59369307b.tar.xz wireguard-openbsd-4fc07df708030d06537ac6f82cd95ae59369307b.zip | |
Only do state key linking on the outbound path.
Fixes stateful filtering on enc0.
Problem report, testing, and ok david@
| -rw-r--r-- | sys/net/pf.c | 4 |
1 files changed, 2 insertions, 2 deletions
diff --git a/sys/net/pf.c b/sys/net/pf.c index cb48eb721ba..06df960c7f0 100644 --- a/sys/net/pf.c +++ b/sys/net/pf.c @@ -1,4 +1,4 @@ -/* $OpenBSD: pf.c,v 1.598 2008/06/16 01:16:04 henning Exp $ */ +/* $OpenBSD: pf.c,v 1.599 2008/06/21 02:05:46 mcbride Exp $ */ /* * Copyright (c) 2001 Daniel Hartmeier @@ -887,7 +887,7 @@ pf_find_state(struct pfi_kif *kif, struct pf_state_key_cmp *key, u_int dir, if ((sk = RB_FIND(pf_state_tree, &pf_statetbl, (struct pf_state_key *)key)) == NULL) return (NULL); - if (m->m_pkthdr.pf.statekey) { + if (dir == PF_OUT && m->m_pkthdr.pf.statekey) { ((struct pf_state_key *) m->m_pkthdr.pf.statekey)->reverse = sk; sk->reverse = m->m_pkthdr.pf.statekey; |