Don't "forward to <table>" when a "forward to destination" address is set.

This matches the documented behaviour.
On matching "forward to <table>" filter rules the "forward to destination"
address is unset, so that in that case the "forward to <table>" rule is still
used.

OK benno@, regression tests still passing.

2 files changed, 7 insertions, 4 deletions

diff --git a/usr.sbin/relayd/relay.c b/usr.sbin/relayd/relay.c
index 864d9104fbe..21efe259e05 100644
--- a/usr.sbin/relayd/relay.c
+++ b/usr.sbin/relayd/relay.c
@@ -1,4 +1,4 @@
-/*	$OpenBSD: relay.c,v 1.249 2019/06/28 13:32:50 deraadt Exp $	*/
+/*	$OpenBSD: relay.c,v 1.250 2019/07/13 06:53:00 chrisz Exp $	*/
 
 /*
  * Copyright (c) 2006 - 2014 Reyk Floeter <reyk@openbsd.org>
@@ -1638,7 +1638,8 @@ relay_connect(struct rsession *con)
 
 	getmonotime(&con->se_tv_start);
 
-	if (!TAILQ_EMPTY(&rlay->rl_tables)) {
+	if (con->se_out.ss.ss_family == AF_UNSPEC &&
+	    !TAILQ_EMPTY(&rlay->rl_tables)) {
 		if (relay_from_table(con) != 0)
 			return (-1);
 	} else if (con->se_out.ss.ss_family == AF_UNSPEC) {
diff --git a/usr.sbin/relayd/relay_http.c b/usr.sbin/relayd/relay_http.c
index d0dfd35cacf..960d4c54a08 100644
--- a/usr.sbin/relayd/relay_http.c
+++ b/usr.sbin/relayd/relay_http.c
@@ -1,4 +1,4 @@
-/*	$OpenBSD: relay_http.c,v 1.77 2019/07/05 13:42:06 robert Exp $	*/
+/*	$OpenBSD: relay_http.c,v 1.78 2019/07/13 06:53:00 chrisz Exp $	*/
 
 /*
  * Copyright (c) 2006 - 2016 Reyk Floeter <reyk@openbsd.org>
@@ -1520,8 +1520,10 @@ relay_match_actions(struct ctl_relay_event *cre, struct relay_rule *rule,
 	/*
 	 * Apply the following options instantly (action per match).
 	 */
-	if (rule->rule_table != NULL)
+	if (rule->rule_table != NULL) {
 		*tbl = rule->rule_table;
+		con->se_out.ss.ss_family = AF_UNSPEC;
+	}
 	if (rule->rule_tag != 0)
 		con->se_tag = rule->rule_tag == -1 ? 0 : rule->rule_tag;
 	if (rule->rule_label != 0)