diff options
| author | Cedric Berger <cedric@cvs.openbsd.org> | 2003-03-21 12:47:37 +0000 |
|---|---|---|
| committer | Cedric Berger <cedric@cvs.openbsd.org> | 2003-03-21 12:47:37 +0000 |
| commit | 079b8cf33068dd0cd8d1e646ce379f12239c1fb0 (patch) | |
| tree | 6d911e51e792f8e04de716a14390a2b9607c84fb /sys/net/pf.c | |
| parent | fe3f5f219ae7e24d36fa68d36510cb47f8d4d0a7 (diff) | |
- Add missing "\n" to some pf_table.c printf()
- Fix two problems with pfr_update_stats().
Filtering was done properly, only stats were wrong.
People should upgrade their kernel if:
- They use bidirectional rules (without "in" or "out") with tables.
- They use tables in negated statements, like "block from !<foo>"
Thanks to David Krause for discovering the problem.
Ok dhartmei@ henning@
Diffstat (limited to 'sys/net/pf.c')
| -rw-r--r-- | sys/net/pf.c | 10 |
1 files changed, 5 insertions, 5 deletions
diff --git a/sys/net/pf.c b/sys/net/pf.c index 955963ecc38..692ca171cdc 100644 --- a/sys/net/pf.c +++ b/sys/net/pf.c @@ -1,4 +1,4 @@ -/* $OpenBSD: pf.c,v 1.327 2003/03/09 20:26:12 frantzen Exp $ */ +/* $OpenBSD: pf.c,v 1.328 2003/03/21 12:47:36 cedric Exp $ */ /* * Copyright (c) 2001 Daniel Hartmeier @@ -4396,12 +4396,12 @@ pf_test(int dir, struct ifnet *ifp, struct mbuf **m0) done: if (r != NULL && r->src.addr.type == PF_ADDR_TABLE) pfr_update_stats(r->src.addr.p.tbl, - (r->direction == dir) ? pd.src : pd.dst, pd.af, + (s == NULL || s->direction == dir) ? pd.src : pd.dst, pd.af, pd.tot_len, dir == PF_OUT, r->action == PF_PASS, r->src.not); if (r != NULL && r->dst.addr.type == PF_ADDR_TABLE) pfr_update_stats(r->dst.addr.p.tbl, - (r->direction == dir) ? pd.dst : pd.src, pd.af, + (s == NULL || s->direction == dir) ? pd.dst : pd.src, pd.af, pd.tot_len, dir == PF_OUT, r->action == PF_PASS, r->dst.not); @@ -4627,12 +4627,12 @@ pf_test6(int dir, struct ifnet *ifp, struct mbuf **m0) done: if (r != NULL && r->src.addr.type == PF_ADDR_TABLE) pfr_update_stats(r->src.addr.p.tbl, - (r->direction == dir) ? pd.src : pd.dst, pd.af, + (s == NULL || s->direction == dir) ? pd.src : pd.dst, pd.af, pd.tot_len, dir == PF_OUT, r->action == PF_PASS, r->src.not); if (r != NULL && r->dst.addr.type == PF_ADDR_TABLE) pfr_update_stats(r->dst.addr.p.tbl, - (r->direction == dir) ? pd.dst : pd.src, pd.af, + (s == NULL || s->direction == dir) ? pd.dst : pd.src, pd.af, pd.tot_len, dir == PF_OUT, r->action == PF_PASS, r->dst.not); |