diff options
| author | Ryan Thomas McBride <mcbride@cvs.openbsd.org> | 2011-11-26 03:28:47 +0000 |
|---|---|---|
| committer | Ryan Thomas McBride <mcbride@cvs.openbsd.org> | 2011-11-26 03:28:47 +0000 |
| commit | fa71261ee7d2ef70324896f686ca3bcb0d17cd91 (patch) | |
| tree | 185d2454e757010a70a0784f948f40cf67b16a25 /sys/net/if_pfsync.c | |
| parent | 893f80d6448e8933a169dc1439c77f8a5ec141d9 (diff) | |
Apply route-to to deferred packet; without this the first packet of a
connection does not observe the route-to option.
ok dlg mikeb
Diffstat (limited to 'sys/net/if_pfsync.c')
| -rw-r--r-- | sys/net/if_pfsync.c | 37 |
1 files changed, 29 insertions, 8 deletions
diff --git a/sys/net/if_pfsync.c b/sys/net/if_pfsync.c index fad21969a58..3de25070ecc 100644 --- a/sys/net/if_pfsync.c +++ b/sys/net/if_pfsync.c @@ -1,4 +1,4 @@ -/* $OpenBSD: if_pfsync.c,v 1.175 2011/11/25 12:52:10 dlg Exp $ */ +/* $OpenBSD: if_pfsync.c,v 1.176 2011/11/26 03:28:46 mcbride Exp $ */ /* * Copyright (c) 2002 Michael Shalayeff @@ -1768,16 +1768,37 @@ pfsync_undefer(struct pfsync_deferral *pd, int drop) if (drop) m_freem(pd->pd_m); else { - switch (pd->pd_st->key[PF_SK_WIRE]->af) { + if (pd->pd_st->rule.ptr->rt) { + switch (pd->pd_st->key[PF_SK_WIRE]->af) { #ifdef INET - case AF_INET: - ip_output(pd->pd_m, NULL, NULL, 0, NULL, NULL); - break; + case AF_INET: + pf_route(&pd->pd_m, pd->pd_st->rule.ptr, + pd->pd_st->direction, + pd->pd_st->rt_kif->pfik_ifp, pd->pd_st); + break; #endif /* INET */ #ifdef INET6 - case AF_INET6: - ip6_output(pd->pd_m, NULL, NULL, 0, NULL, NULL, NULL); - break; + case AF_INET6: + pf_route6(&pd->pd_m, pd->pd_st->rule.ptr, + pd->pd_st->direction, + pd->pd_st->rt_kif->pfik_ifp, pd->pd_st); + break; +#endif /* INET6 */ + } + } else { + switch (pd->pd_st->key[PF_SK_WIRE]->af) { +#ifdef INET + case AF_INET: + ip_output(pd->pd_m, NULL, NULL, 0, + NULL, NULL); + break; +#endif /* INET */ +#ifdef INET6 + case AF_INET6: + ip6_output(pd->pd_m, NULL, NULL, 0, + NULL, NULL, NULL); + break; + } #endif /* INET6 */ } } |