From 079b8cf33068dd0cd8d1e646ce379f12239c1fb0 Mon Sep 17 00:00:00 2001
From: Cedric Berger <cedric@cvs.openbsd.org>
Date: Fri, 21 Mar 2003 12:47:37 +0000
Subject: - Add missing "\n" to some pf_table.c printf() - Fix two problems
 with pfr_update_stats().

Filtering was done properly, only stats were wrong.
People should upgrade their kernel if:
  - They use bidirectional rules (without "in" or "out") with tables.
  - They use tables in negated statements, like "block from !<foo>"

Thanks to David Krause for discovering the problem.
Ok dhartmei@ henning@
---
 sys/net/pf.c | 10 +++++-----
 1 file changed, 5 insertions(+), 5 deletions(-)

(limited to 'sys/net/pf.c')

diff --git a/sys/net/pf.c b/sys/net/pf.c
index 955963ecc38..692ca171cdc 100644
--- a/sys/net/pf.c
+++ b/sys/net/pf.c
@@ -1,4 +1,4 @@
-/*	$OpenBSD: pf.c,v 1.327 2003/03/09 20:26:12 frantzen Exp $ */
+/*	$OpenBSD: pf.c,v 1.328 2003/03/21 12:47:36 cedric Exp $ */
 
 /*
  * Copyright (c) 2001 Daniel Hartmeier
@@ -4396,12 +4396,12 @@ pf_test(int dir, struct ifnet *ifp, struct mbuf **m0)
 done:
 	if (r != NULL && r->src.addr.type == PF_ADDR_TABLE)
 		pfr_update_stats(r->src.addr.p.tbl,
-		    (r->direction == dir) ? pd.src : pd.dst, pd.af,
+		    (s == NULL || s->direction == dir) ? pd.src : pd.dst, pd.af,
 		    pd.tot_len, dir == PF_OUT, r->action == PF_PASS,
 		    r->src.not);
 	if (r != NULL && r->dst.addr.type == PF_ADDR_TABLE)
 		pfr_update_stats(r->dst.addr.p.tbl,
-		    (r->direction == dir) ? pd.dst : pd.src, pd.af,
+		    (s == NULL || s->direction == dir) ? pd.dst : pd.src, pd.af,
 		    pd.tot_len, dir == PF_OUT, r->action == PF_PASS,
 		    r->dst.not);
 
@@ -4627,12 +4627,12 @@ pf_test6(int dir, struct ifnet *ifp, struct mbuf **m0)
 done:
 	if (r != NULL && r->src.addr.type == PF_ADDR_TABLE)
 		pfr_update_stats(r->src.addr.p.tbl,
-		    (r->direction == dir) ? pd.src : pd.dst, pd.af,
+		    (s == NULL || s->direction == dir) ? pd.src : pd.dst, pd.af,
 		    pd.tot_len, dir == PF_OUT, r->action == PF_PASS,
 		    r->src.not);
 	if (r != NULL && r->dst.addr.type == PF_ADDR_TABLE)
 		pfr_update_stats(r->dst.addr.p.tbl,
-		    (r->direction == dir) ? pd.dst : pd.src, pd.af,
+		    (s == NULL || s->direction == dir) ? pd.dst : pd.src, pd.af,
 		    pd.tot_len, dir == PF_OUT, r->action == PF_PASS,
 		    r->dst.not);
 
-- 
cgit v1.2.3