authorDaniel Hartmeier <dhartmei@cvs.openbsd.org>2003-01-31 19:36:40 +0000
committerDaniel Hartmeier <dhartmei@cvs.openbsd.org>2003-01-31 19:36:40 +0000
commitde0c93d675056b873853b267fe41459aba28847a (patch)
treed1fc4db9916c8a2d45deae4895c01840741e2f26
parent645a2c4ed8596a17f7f2f7410dd0e42bc2da3bbb (diff)
The fix introduced with 1.294 to solve issues with route-to in
combination with translations was too broad and broke some more complex setups (creating two states for one connection on two interfaces, using modulate state for each, and additionally using route-to/reply-to on one of them), so narrow it to the cases where it's needed. Reported by henric@.
-rw-r--r--sys/net/pf.c9
1 files changed, 5 insertions, 4 deletions
diff --git a/sys/net/pf.c b/sys/net/pf.c
index a128a9389f2..408bb73aa82 100644
--- a/sys/net/pf.c
+++ b/sys/net/pf.c
@@ -1,4 +1,4 @@
-/* $OpenBSD: pf.c,v 1.313 2003/01/31 19:22:11 dhartmei Exp $ */
+/* $OpenBSD: pf.c,v 1.314 2003/01/31 19:36:39 dhartmei Exp $ */
/*
* Copyright (c) 2001 Daniel Hartmeier
@@ -249,11 +249,12 @@ struct pf_pool_limit pf_pool_limits[PF_LIMIT_MAX] =
*state = pf_find_state(&tree_lan_ext, &key); \
if (*state == NULL) \
return (PF_DROP); \
- if ((*state)->rule.ptr != NULL && \
+ if (direction == PF_OUT && \
+ (*state)->rule.ptr != NULL && \
(((*state)->rule.ptr->rt == PF_ROUTETO && \
- (*state)->rule.ptr->direction == direction) || \
+ (*state)->rule.ptr->direction == PF_OUT) || \
((*state)->rule.ptr->rt == PF_REPLYTO && \
- (*state)->rule.ptr->direction != direction)) && \
+ (*state)->rule.ptr->direction == PF_IN)) && \
(*state)->rt_ifp != NULL && \
(*state)->rt_ifp != ifp) \
return (PF_PASS); \
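Review bot: The early `return (PF_PASS)` closing this condition accepts the packet before any per-state validation the caller performs after the lookup, and the macro has no comment saying why that is safe for this one case. Since the commit narrows the bypass to `direction == PF_OUT` with route-to on out rules and reply-to on in rules, I would record that intent directly above the `if`, e.g. `/* outbound on an ifp other than rt_ifp: skip state checks here; presumably they run when the packet leaves via rt_ifp */`, with the author confirming the second half. The macro also returns from the enclosing function and reads `direction` and `ifp` from the caller's scope, which deserves a line in its header comment. The macro's `#define` line and its tail lie outside the hunk, so this rests only on the visible lines.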