diff options
| author | Alexander Bluhm <bluhm@cvs.openbsd.org> | 2013-11-18 20:30:05 +0000 |
|---|---|---|
| committer | Alexander Bluhm <bluhm@cvs.openbsd.org> | 2013-11-18 20:30:05 +0000 |
| commit | 1a636228d4f25fc453ef65bab0cc177c1563273f (patch) | |
| tree | 49abde6b41c54e3bc27ca337ab1c2daa3345e65b /sys/net | |
| parent | 6cbe8bc463a4982b1bc2c4a8c6648307240e4745 (diff) | |
The prio value of a pf match rule was overridden by a later pass
rule even if the latter had no prio flag. Fix match rules with
prio to work as expected.
Found by Roman Kravchuk; reported and tested by Alexey Suslikov;
OK henning@
Diffstat (limited to 'sys/net')
| -rw-r--r-- | sys/net/pf.c | 8 |
1 files changed, 5 insertions, 3 deletions
diff --git a/sys/net/pf.c b/sys/net/pf.c index 368eb03ffcb..cf66f928649 100644 --- a/sys/net/pf.c +++ b/sys/net/pf.c @@ -1,4 +1,4 @@ -/* $OpenBSD: pf.c,v 1.861 2013/11/16 00:36:01 chl Exp $ */ +/* $OpenBSD: pf.c,v 1.862 2013/11/18 20:30:04 bluhm Exp $ */ /* * Copyright (c) 2001 Daniel Hartmeier @@ -3110,8 +3110,10 @@ pf_rule_to_actions(struct pf_rule *r, struct pf_rule_actions *a) a->max_mss = r->max_mss; a->flags |= (r->scrub_flags & (PFSTATE_NODF|PFSTATE_RANDOMID| PFSTATE_SETTOS|PFSTATE_SCRUB_TCP|PFSTATE_SETPRIO)); - a->set_prio[0] = r->set_prio[0]; - a->set_prio[1] = r->set_prio[1]; + if (r->scrub_flags & PFSTATE_SETPRIO) { + a->set_prio[0] = r->set_prio[0]; + a->set_prio[1] = r->set_prio[1]; + } } #define PF_TEST_ATTRIB(t, a) \ |