diff options
| author |   henning <henning@openbsd.org> | 2008-09-10 09:10:17 +0000 |
|---|---|---|
| committer | henning <henning@openbsd.org> | 2008-09-10 09:10:17 +0000 |
| commit | afbad317ed0e6d7b65e123f8758672d12cb0c4c2 (patch) | |
| tree | 5abc0668c91e81988f89e5caa5d3aee9345daae1 | |
| parent | use one call to arc4random_buf() instead of lots of arc4random() (diff) | |
| download | wireguard-openbsd-afbad317ed0e6d7b65e123f8758672d12cb0c4c2.tar.xz wireguard-openbsd-afbad317ed0e6d7b65e123f8758672d12cb0c4c2.zip | |
re-enable the state key linking. i believe the bugs that hit us shortly
before release are fixed, and the extra check i added prevents incorrect
linking if there are still cases with tunnels, tho none of the testers
saw these yet, except for an icmp case that will be fixed shortly. the
extra check prevents misbehavior there.
if you see 'pf: state key linking mismatch' messages please report them to
me along with ifconfig -A and mention if you do any routing or nat tricks.
ok deraadt
| -rw-r--r-- | sys/net/pf.c | 6 |
1 files changed, 1 insertions, 5 deletions
diff --git a/sys/net/pf.c b/sys/net/pf.c index 61f63b837a3..564eea27cf3 100644 --- a/sys/net/pf.c +++ b/sys/net/pf.c @@ -1,4 +1,4 @@ -/* $OpenBSD: pf.c,v 1.619 2008/09/09 13:56:39 henning Exp $ */ +/* $OpenBSD: pf.c,v 1.620 2008/09/10 09:10:17 henning Exp $ */ /* * Copyright (c) 2001 Daniel Hartmeier @@ -5825,10 +5825,8 @@ done: if ((s && s->tag) || r->rtableid) pf_tag_packet(m, s ? s->tag : 0, r->rtableid); -#if 0 if (dir == PF_IN && s && s->key[PF_SK_STACK]) m->m_pkthdr.pf.statekey = s->key[PF_SK_STACK]; -#endif #ifdef ALTQ if (action == PF_PASS && r->qid) { @@ -6206,10 +6204,8 @@ done: if ((s && s->tag) || r->rtableid) pf_tag_packet(m, s ? s->tag : 0, r->rtableid); -#if 0 if (dir == PF_IN && s && s->key[PF_SK_STACK]) m->m_pkthdr.pf.statekey = s->key[PF_SK_STACK]; -#endif #ifdef ALTQ if (action == PF_PASS && r->qid) { |