diff options
| author | Henning Brauer <henning@cvs.openbsd.org> | 2009-11-23 17:22:12 +0000 |
|---|---|---|
| committer | Henning Brauer <henning@cvs.openbsd.org> | 2009-11-23 17:22:12 +0000 |
| commit | 3a2cfacdd19267f7b16a20e7b2d0beaef106fd4d (patch) | |
| tree | b8805bb3c6c5fda53203466a4c63a7fa2c438b66 /sys/net | |
| parent | 0f9ce2f9a7e36ec460519c784713195df3d4d9f0 (diff) | |
pf_test_fragment: we need to bail out if action == PF_DROP, not
if action != PF_PASS. same was changed in pf_test_rule a while back
but the fragment case was forgotten. since everybody reassembles nobody
ran into this.
Diffstat (limited to 'sys/net')
| -rw-r--r-- | sys/net/pf.c | 4 |
1 files changed, 2 insertions, 2 deletions
diff --git a/sys/net/pf.c b/sys/net/pf.c index b46e570b3af..69e2c094108 100644 --- a/sys/net/pf.c +++ b/sys/net/pf.c @@ -1,4 +1,4 @@ -/* $OpenBSD: pf.c,v 1.672 2009/11/23 17:18:05 henning Exp $ */ +/* $OpenBSD: pf.c,v 1.673 2009/11/23 17:22:11 henning Exp $ */ /* * Copyright (c) 2001 Daniel Hartmeier @@ -3342,7 +3342,7 @@ pf_test_fragment(struct pf_rule **rm, int direction, struct pfi_kif *kif, PFLOG_PACKET(kif, h, m, af, direction, reason, r, a, ruleset, pd); - if (r->action != PF_PASS) /* XXX wrong */ + if (r->action == PF_DROP) return (PF_DROP); if (pf_tag_packet(m, tag, -1)) { |