From 1834c5d27ae0ce7806f7c3411062359c8b0133f0 Mon Sep 17 00:00:00 2001 From: Alexander Bluhm Date: Tue, 12 Oct 2010 17:45:07 +0000 Subject: pfctl -sr did not show divert-reply rules without address family correctly. A zero address field is used to identify divert-reply rules. If the rule's address family is unspecified, PF_AZERO() always returns false. So use AF_INET6 as address family, to check all bits of the address. ok markus@ --- sbin/pfctl/pfctl_parser.c | 4 ++-- 1 file changed, 2 insertions(+), 2 deletions(-) (limited to 'sbin/pfctl/pfctl_parser.c') diff --git a/sbin/pfctl/pfctl_parser.c b/sbin/pfctl/pfctl_parser.c index 91b7e2d7d85..aadac9241f6 100644 --- a/sbin/pfctl/pfctl_parser.c +++ b/sbin/pfctl/pfctl_parser.c @@ -1,4 +1,4 @@ -/* $OpenBSD: pfctl_parser.c,v 1.271 2010/09/22 06:02:59 henning Exp $ */ +/* $OpenBSD: pfctl_parser.c,v 1.272 2010/10/12 17:45:06 bluhm Exp $ */ /* * Copyright (c) 2001 Daniel Hartmeier @@ -1022,7 +1022,7 @@ print_rule(struct pf_rule *r, const char *anchor_call, int verbose) if (r->rtableid != -1) printf(" rtable %u", r->rtableid); if (r->divert.port) { - if (PF_AZERO(&r->divert.addr, r->af)) { + if (PF_AZERO(&r->divert.addr, AF_INET6)) { printf(" divert-reply"); } else { /* XXX cut&paste from print_addr */ -- cgit v1.2.3