diff options
| author | Ryan Thomas McBride <mcbride@cvs.openbsd.org> | 2008-06-21 02:05:47 +0000 |
|---|---|---|
| committer | Ryan Thomas McBride <mcbride@cvs.openbsd.org> | 2008-06-21 02:05:47 +0000 |
| commit | d873219cbc60baab66036ff79b457befe8d1ef60 (patch) | |
| tree | 2c8b4cbfb68e375e3fef4c0fbbaf42232cb73852 /sys/net | |
| parent | 466615db3f495ecb0b1df3c623bea98d8803c0d4 (diff) | |
Only do state key linking on the outbound path.
Fixes stateful filtering on enc0.
Problem report, testing, and ok david@
Diffstat (limited to 'sys/net')
| -rw-r--r-- | sys/net/pf.c | 4 |
1 files changed, 2 insertions, 2 deletions
diff --git a/sys/net/pf.c b/sys/net/pf.c index cb48eb721ba..06df960c7f0 100644 --- a/sys/net/pf.c +++ b/sys/net/pf.c @@ -1,4 +1,4 @@ -/* $OpenBSD: pf.c,v 1.598 2008/06/16 01:16:04 henning Exp $ */ +/* $OpenBSD: pf.c,v 1.599 2008/06/21 02:05:46 mcbride Exp $ */ /* * Copyright (c) 2001 Daniel Hartmeier @@ -887,7 +887,7 @@ pf_find_state(struct pfi_kif *kif, struct pf_state_key_cmp *key, u_int dir, if ((sk = RB_FIND(pf_state_tree, &pf_statetbl, (struct pf_state_key *)key)) == NULL) return (NULL); - if (m->m_pkthdr.pf.statekey) { + if (dir == PF_OUT && m->m_pkthdr.pf.statekey) { ((struct pf_state_key *) m->m_pkthdr.pf.statekey)->reverse = sk; sk->reverse = m->m_pkthdr.pf.statekey; |