author | Daniel Hartmeier <dhartmei@cvs.openbsd.org> | 2003-01-31 19:36:40 +0000 |
---|---|---|
committer | Daniel Hartmeier <dhartmei@cvs.openbsd.org> | 2003-01-31 19:36:40 +0000 |
commit | de0c93d675056b873853b267fe41459aba28847a (patch) | |
tree | d1fc4db9916c8a2d45deae4895c01840741e2f26 | |
parent | 645a2c4ed8596a17f7f2f7410dd0e42bc2da3bbb (diff) |
The fix introduced with 1.294 to solve issues with route-to in
combination with translations was too broad and broke some
more complex setups (creating two states for one connection on
two interfaces, using modulate state for each, and additionally
using route-to/reply-to on one of them), so narrow it to the
cases where it's needed. Reported by henric@.
-rw-r--r-- | sys/net/pf.c | 9 |
1 files changed, 5 insertions, 4 deletions
diff --git a/sys/net/pf.c b/sys/net/pf.c
index a128a9389f2..408bb73aa82 100644
--- a/sys/net/pf.c
+++ b/sys/net/pf.c
@@ -1,4 +1,4 @@
-/* $OpenBSD: pf.c,v 1.313 2003/01/31 19:22:11 dhartmei Exp $ */
+/* $OpenBSD: pf.c,v 1.314 2003/01/31 19:36:39 dhartmei Exp $ */
 /* * Copyright (c) 2001 Daniel Hartmeier
@@ -249,11 +249,12 @@ struct pf_pool_limit pf_pool_limits[PF_LIMIT_MAX] =
 *state = pf_find_state(&tree_lan_ext, &key); \
 if (*state == NULL) \
 return (PF_DROP); \
- if ((*state)->rule.ptr != NULL && \
+ if (direction == PF_OUT && \
+ (*state)->rule.ptr != NULL && \
 (((*state)->rule.ptr->rt == PF_ROUTETO && \
- (*state)->rule.ptr->direction == direction) || \
+ (*state)->rule.ptr->direction == PF_OUT) || \
 ((*state)->rule.ptr->rt == PF_REPLYTO && \
- (*state)->rule.ptr->direction != direction)) && \
+ (*state)->rule.ptr->direction == PF_IN)) && \
 (*state)->rt_ifp != NULL && \
 (*state)->rt_ifp != ifp) \
 return (PF_PASS); \ |
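Review bot: The early `return (PF_PASS)` that closes the second hunk has no comment explaining why it is safe to accept a packet that matched a state without whatever validation the expanding function performs after the lookup. The narrowed condition fires only for `direction == PF_OUT` when the state's `rt_ifp` is set and differs from `ifp`. That presumably relies on the packet being rerouted and evaluated again on `rt_ifp`, which is worth confirming and recording above the `if`, for example `/* outbound on an interface other than rt_ifp for a route-to/reply-to state: pass here, the rerouted packet is checked on rt_ifp */ \`. The macro also returns from its caller and uses `direction`, `ifp`, `key` and `state` from the expansion site, so a header comment listing those requirements would help the next person who changes this filter-bypass path. The macro definition starts and ends outside the hunk.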