summaryrefslogtreecommitdiff
diff options
context:
space:
mode:
authorHenning Brauer <henning@cvs.openbsd.org>2009-04-15 13:10:39 +0000
committerHenning Brauer <henning@cvs.openbsd.org>2009-04-15 13:10:39 +0000
commit76325609b708b1e8f76e3fd663a43fbed6f389fa (patch)
treeffdb04d69a1893f7b78090fe126f6403a5b4f5a3
parent2c370f9ef0e25a7dcaf0ed6c098c81bc3ac6119b (diff)
little dose of scrubbing after the monster changes:
correctly inherit queue stuff, tag, rtableid from the rule if we have no state some logic simplification and removal of redundant checks ok dlg
-rw-r--r--sys/net/pf.c31
1 files changed, 18 insertions, 13 deletions
diff --git a/sys/net/pf.c b/sys/net/pf.c
index acdb1dd6db6..d3f7ff3a59b 100644
--- a/sys/net/pf.c
+++ b/sys/net/pf.c
@@ -1,4 +1,4 @@
-/* $OpenBSD: pf.c,v 1.643 2009/04/15 05:14:45 david Exp $ */
+/* $OpenBSD: pf.c,v 1.644 2009/04/15 13:10:38 henning Exp $ */
/*
* Copyright (c) 2001 Daniel Hartmeier
@@ -5381,6 +5381,7 @@ pf_test(int dir, struct ifnet *ifp, struct mbuf **m0,
struct pf_ruleset *ruleset = NULL;
struct pf_pdesc pd;
int off, dirndx, pqid = 0;
+ u_int16_t qid;
if (!pf_status.running)
return (PF_PASS);
@@ -5583,25 +5584,29 @@ done:
("pf: dropping packet with ip options\n"));
}
- if (s)
+ if (s) {
pf_scrub_ip(&m, s->state_flags, s->min_ttl, s->set_tos);
- else
+ pf_tag_packet(m, s->tag, s->rtableid);
+ if (pqid || (pd.tos & IPTOS_LOWDELAY))
+ qid = s->pqid;
+ else
+ qid = s->qid;
+ } else {
pf_scrub_ip(&m, r->scrub_flags, r->min_ttl, r->set_tos);
-
- if (s && (s->tag || s->rtableid))
- pf_tag_packet(m, s ? s->tag : 0, s->rtableid);
+ pf_tag_packet(m, r->tag, r->rtableid);
+ if (pqid || (pd.tos & IPTOS_LOWDELAY))
+ qid = r->pqid;
+ else
+ qid = r->qid;
+ }
if (dir == PF_IN && s && s->key[PF_SK_STACK])
m->m_pkthdr.pf.statekey = s->key[PF_SK_STACK];
#ifdef ALTQ
- if (action == PF_PASS && s && s->qid) {
- if (pqid || (pd.tos & IPTOS_LOWDELAY))
- m->m_pkthdr.pf.qid = s->pqid;
- else
- m->m_pkthdr.pf.qid = s->qid;
- /* add hints for ecn */
- m->m_pkthdr.pf.hdr = h;
+ if (action == PF_PASS && qid) {
+ m->m_pkthdr.pf.qid = qid;
+ m->m_pkthdr.pf.hdr = h; /* hints for ecn */
}
#endif /* ALTQ */