diff options
author | Henning Brauer <henning@cvs.openbsd.org> | 2008-09-10 09:10:18 +0000 |
---|---|---|
committer | Henning Brauer <henning@cvs.openbsd.org> | 2008-09-10 09:10:18 +0000 |
commit | c58ce9badb7e2ef5840a7b2d093e15a866091516 (patch) | |
tree | 250cfa37020524f302d77851b74bcb11ac956942 /sys | |
parent | 5028a28dde0e046ce22fc782e3590bc4d03d36ec (diff) |
re-enable the state key linking. i believe the bugs that hit us shortly
before release are fixed, and the extra check i added prevents incorrect
linking if there are still cases with tunnels, tho none of the testers
saw these yet, except for an icmp case that will be fixed shortly. the
extra check prevents misbehavior there.
if you see 'pf: state key linking mismatch' messages please report them to
me along with ifconfig -A and mention if you do any routing or nat tricks.
ok deraadt
Diffstat (limited to 'sys')
-rw-r--r-- | sys/net/pf.c | 6 |
1 files changed, 1 insertions, 5 deletions
diff --git a/sys/net/pf.c b/sys/net/pf.c index 61f63b837a3..564eea27cf3 100644 --- a/sys/net/pf.c +++ b/sys/net/pf.c @@ -1,4 +1,4 @@ -/* $OpenBSD: pf.c,v 1.619 2008/09/09 13:56:39 henning Exp $ */ +/* $OpenBSD: pf.c,v 1.620 2008/09/10 09:10:17 henning Exp $ */ /* * Copyright (c) 2001 Daniel Hartmeier @@ -5825,10 +5825,8 @@ done: if ((s && s->tag) || r->rtableid) pf_tag_packet(m, s ? s->tag : 0, r->rtableid); -#if 0 if (dir == PF_IN && s && s->key[PF_SK_STACK]) m->m_pkthdr.pf.statekey = s->key[PF_SK_STACK]; -#endif #ifdef ALTQ if (action == PF_PASS && r->qid) { @@ -6206,10 +6204,8 @@ done: if ((s && s->tag) || r->rtableid) pf_tag_packet(m, s ? s->tag : 0, r->rtableid); -#if 0 if (dir == PF_IN && s && s->key[PF_SK_STACK]) m->m_pkthdr.pf.statekey = s->key[PF_SK_STACK]; -#endif #ifdef ALTQ if (action == PF_PASS && r->qid) { |