diff options
| author | Alexander Bluhm <bluhm@cvs.openbsd.org> | 2021-01-15 22:27:50 +0000 |
|---|---|---|
| committer | Alexander Bluhm <bluhm@cvs.openbsd.org> | 2021-01-15 22:27:50 +0000 |
| commit | 723922f7961b5d7fa6b891ea881a6156cf2aeeac (patch) | |
| tree | a885eebe580f44396c254e15d5c486e7d35a69ff /sys/net | |
| parent | 5c9274a6f59f68de2ba271f3bcc8e61956e615bc (diff) | |
Remove a check that bypasses pf state tests. It dates back to 2003
when NAT was implemented differently. Now it does not seem to make
sense anymore. sashan@ has identified cases where it does harm.
dlg@ wants to remove it to simplify route-to code.
from dlg@; OK sashan@
Diffstat (limited to 'sys/net')
| -rw-r--r-- | sys/net/pf.c | 8 |
1 files changed, 1 insertions, 7 deletions
diff --git a/sys/net/pf.c b/sys/net/pf.c index e93e2b50dba..49ceef8b732 100644 --- a/sys/net/pf.c +++ b/sys/net/pf.c @@ -1,4 +1,4 @@ -/* $OpenBSD: pf.c,v 1.1098 2021/01/14 09:44:33 tb Exp $ */ +/* $OpenBSD: pf.c,v 1.1099 2021/01/15 22:27:49 bluhm Exp $ */ /* * Copyright (c) 2001 Daniel Hartmeier @@ -1122,12 +1122,6 @@ pf_find_state(struct pf_pdesc *pd, struct pf_state_key_cmp *key, } *state = s; - if (pd->dir == PF_OUT && s->rt_kif != NULL && s->rt_kif != pd->kif && - ((s->rule.ptr->rt == PF_ROUTETO && - s->rule.ptr->direction == PF_OUT) || - (s->rule.ptr->rt == PF_REPLYTO && - s->rule.ptr->direction == PF_IN))) - return (PF_PASS); return (PF_MATCH); } |