diff options
| author | YASUOKA Masahiko <yasuoka@cvs.openbsd.org> | 2023-01-22 23:05:52 +0000 |
|---|---|---|
| committer | YASUOKA Masahiko <yasuoka@cvs.openbsd.org> | 2023-01-22 23:05:52 +0000 |
| commit | 108274c32781d79e0222243af4636c013770a302 (patch) | |
| tree | ae814d37c42d6dbdf1eb362b82c0f76c1d8591ba | |
| parent | a85a2c447194ac2624fcd54af0053dec3f5a603d (diff) | |
Fix pf_anchor_stackframe commit to revert pf rule matching to the
previous behavior that stops when any rule matches within quick
anchors.
ok sasha kn
| -rw-r--r-- | sys/net/pf.c | 6 |
1 files changed, 5 insertions, 1 deletions
diff --git a/sys/net/pf.c b/sys/net/pf.c index b121cc092f9..8cb1326a160 100644 --- a/sys/net/pf.c +++ b/sys/net/pf.c @@ -1,4 +1,4 @@ -/* $OpenBSD: pf.c,v 1.1170 2023/01/12 13:09:47 bluhm Exp $ */ +/* $OpenBSD: pf.c,v 1.1171 2023/01/22 23:05:51 yasuoka Exp $ */ /* * Copyright (c) 2001 Daniel Hartmeier @@ -4210,6 +4210,10 @@ next_rule: } if (pf_anchor_stack_pop(&ruleset, &r, &child, &target) == 0) { + /* stop if any rule matched within quick anchors. */ + if (r->quick == PF_TEST_QUICK && *ctx->am == r) + return (PF_TEST_QUICK); + switch (target) { case PF_NEXT_CHILD: goto next_child; |