re-enable the state key linking. i believe the bugs that hit us shortly

before release are fixed, and the extra check i added prevents incorrect
linking if there are still cases with tunnels, tho none of the testers
saw these yet, except for an icmp case that will be fixed shortly. the
extra check prevents misbehavior there.
if you see 'pf: state key linking mismatch' messages please report them to
me along with ifconfig -A and mention if you do any routing or nat tricks.
ok deraadt

1 files changed, 1 insertions, 5 deletions

diff --git a/sys/net/pf.c b/sys/net/pf.c
index 61f63b837a3..564eea27cf3 100644
--- a/sys/net/pf.c
+++ b/sys/net/pf.c
@@ -1,4 +1,4 @@
-/*	$OpenBSD: pf.c,v 1.619 2008/09/09 13:56:39 henning Exp $ */
+/*	$OpenBSD: pf.c,v 1.620 2008/09/10 09:10:17 henning Exp $ */
 
 /*
  * Copyright (c) 2001 Daniel Hartmeier
@@ -5825,10 +5825,8 @@ done:
 	if ((s && s->tag) || r->rtableid)
 		pf_tag_packet(m, s ? s->tag : 0, r->rtableid);
 
-#if 0
 	if (dir == PF_IN && s && s->key[PF_SK_STACK])
 		m->m_pkthdr.pf.statekey = s->key[PF_SK_STACK];
-#endif
 
 #ifdef ALTQ
 	if (action == PF_PASS && r->qid) {
@@ -6206,10 +6204,8 @@ done:
 	if ((s && s->tag) || r->rtableid)
 		pf_tag_packet(m, s ? s->tag : 0, r->rtableid);
 
-#if 0
 	if (dir == PF_IN && s && s->key[PF_SK_STACK])
 		m->m_pkthdr.pf.statekey = s->key[PF_SK_STACK];
-#endif
 
 #ifdef ALTQ
 	if (action == PF_PASS && r->qid) {