author | 2013-11-18 20:30:04 +0000 | |
---|---|---|
committer | 2013-11-18 20:30:04 +0000 | |
commit | ef08276dfe14d0ae365bf5666b6ed8ae15ce3977 (patch) | |
tree | 429faf221c78773196b152e1c79ef2c1e226521f | |
parent | use arc4random() for ether_fakeaddr, because it is safe (diff) | |
The prio value of a pf match rule was overridden by a later pass
rule even if the latter had no prio flag. Fix match rules with
prio to work as expected.
Found by Roman Kravchuk; reported and tested by Alexey Suslikov;
OK henning@
-rw-r--r-- | sys/net/pf.c | 8 |
1 files changed, 5 insertions, 3 deletions
diff --git a/sys/net/pf.c b/sys/net/pf.c
index 368eb03ffcb..cf66f928649 100644
--- a/sys/net/pf.c
+++ b/sys/net/pf.c
@@ -1,4 +1,4 @@
-/* $OpenBSD: pf.c,v 1.861 2013/11/16 00:36:01 chl Exp $ */
+/* $OpenBSD: pf.c,v 1.862 2013/11/18 20:30:04 bluhm Exp $ */
 
 /*
 * Copyright (c) 2001 Daniel Hartmeier
@@ -3110,8 +3110,10 @@ pf_rule_to_actions(struct pf_rule *r, struct pf_rule_actions *a)
 a->max_mss = r->max_mss;
 a->flags |= (r->scrub_flags & (PFSTATE_NODF|PFSTATE_RANDOMID|
 PFSTATE_SETTOS|PFSTATE_SCRUB_TCP|PFSTATE_SETPRIO));
- a->set_prio[0] = r->set_prio[0];
- a->set_prio[1] = r->set_prio[1];
+ if (r->scrub_flags & PFSTATE_SETPRIO) {
+ a->set_prio[0] = r->set_prio[0];
+ a->set_prio[1] = r->set_prio[1];
+ }
 }
 
 #define PF_TEST_ATTRIB(t, a) \ |
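Review bot: The new `if (r->scrub_flags & PFSTATE_SETPRIO)` guard in pf_rule_to_actions() has no comment explaining why set_prio is copied conditionally, although the reason (actions accumulate across match rules, so a later rule without prio must not clobber an earlier value) is exactly what a future cleanup could undo. I would add `/* keep prio from an earlier match rule unless this rule sets its own */` above the guard. The guard also relies on every path that fills `r->set_prio` setting PFSTATE_SETPRIO in `r->scrub_flags`; rule loading is not visible in this hunk, so that invariant is worth confirming, since a rule that carries a prio without the flag would now be silently ignored. The function body begins outside the hunk, so the handling of the other fields could not be checked here.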