diff options
| author |   henning <henning@openbsd.org> | 2012-07-07 15:20:14 +0000 |
|---|---|---|
| committer | henning <henning@openbsd.org> | 2012-07-07 15:20:14 +0000 |
| commit | c495b7d2c66ba230fdbd7c70a3f7d42f5776bf61 (patch) | |
| tree | af95cf1d0757c8b8681c2f99fdd1b31da74f797f /lib/libc | |
| parent | after several improvements to -Tman went in, (diff) | |
| download | wireguard-openbsd-c495b7d2c66ba230fdbd7c70a3f7d42f5776bf61.tar.xz wireguard-openbsd-c495b7d2c66ba230fdbd7c70a3f7d42f5776bf61.zip | |
restore DIOCKILLSTATE semantics to what they were before the NAT rewrite.
when you kill states by IP, it is not all that clear which IP we're talking
about - before or after rewriting?
the old semantics were to always look at the "original" IP, i. e. before
rewriting. ever since the NAT rewrite we were unconditionally looking
at the wire side state key, which is the original address for PF_IN states,
but not for PF_OUT. So look at the SK_STACK state key in the PF_OUT case.
should fix "authpf doesn't remove NAT states" seen on misc a while ago
ok & testing & half of the analysis bob (he sez beck)
Diffstat (limited to 'lib/libc')
0 files changed, 0 insertions, 0 deletions