author | 2016-11-23 12:13:23 +0000 | |
---|---|---|
committer | 2016-11-23 12:13:23 +0000 | |
commit | 1bcfad03f2ad7d9f6cadeb048244c88c37b9dcfe (patch) | |
tree | 8aa9a9ef92ea5a4c4703eed042429af79066ef3c /sys | |
parent | M_*WAIT* flags cannot be treated as boolean values (diff) | |
Explicitly forbid to combine af-to with route-to in pfctl. The
parser cannot handle that correctly and it is unclear whether the
kernel code would work. Remove the feature until someone needs it
and properly implements and tests it.
OK mike@ sashan@ mpi@
Diffstat (limited to 'sys')
-rw-r--r-- | sys/net/pf.c | 32 |
1 files changed, 10 insertions, 22 deletions
diff --git a/sys/net/pf.c b/sys/net/pf.c
index b749f03ebda..7316c70e731 100644
--- a/sys/net/pf.c
+++ b/sys/net/pf.c
@@ -1,4 +1,4 @@
-/* $OpenBSD: pf.c,v 1.1001 2016/11/22 19:29:54 procter Exp $ */
+/* $OpenBSD: pf.c,v 1.1002 2016/11/23 12:13:23 bluhm Exp $ */
 
 /*
 * Copyright (c) 2001 Daniel Hartmeier
@@ -6878,28 +6878,16 @@ done:
 action = PF_DROP;
 break;
 }
- if (r->rt) {
- switch (pd.naf) {
- case AF_INET:
- pf_route(&pd, r, s);
- break;
- case AF_INET6:
- pf_route6(&pd, r, s);
- break;
- }
- }
- if (pd.m) {
- pd.m->m_pkthdr.pf.flags |= PF_TAG_GENERATED;
- switch (pd.naf) {
- case AF_INET:
- ip_output(pd.m, NULL, NULL, 0, NULL, NULL, 0);
- break;
- case AF_INET6:
- ip6_output(pd.m, NULL, NULL, 0, NULL, NULL);
- break;
- }
- pd.m = NULL;
+ pd.m->m_pkthdr.pf.flags |= PF_TAG_GENERATED;
+ switch (pd.naf) {
+ case AF_INET:
+ ip_output(pd.m, NULL, NULL, 0, NULL, NULL, 0);
+ break;
+ case AF_INET6:
+ ip6_output(pd.m, NULL, NULL, 0, NULL, NULL);
+ break;
 }
+ pd.m = NULL;
 action = PF_PASS;
 break;
 #endif /* INET6 */ |
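Review bot: In the second hunk the new `pd.m->m_pkthdr.pf.flags |= PF_TAG_GENERATED;` dereferences pd.m with no check, where the old side wrapped it in `if (pd.m)`. That is safe only if nothing before this line can leave pd.m NULL once the route calls are gone, which cannot be confirmed here because the enclosing function starts and ends outside the hunk. Separately, the diffstat shows only pf.c changing under sys, so the af-to/route-to combination appears to be refused by pfctl alone; a rule with `r->rt` set that reaches the kernel through another path would now have its route-to silently ignored rather than rejected, and the packet would leave by the normal routing table. I would add `KASSERT(pd.m != NULL);` before the flag update and a comment such as `/* route-to is not applied to af-to packets; pfctl rejects the combination */`, and consider refusing such rules in the kernel at rule-load time.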