From 723922f7961b5d7fa6b891ea881a6156cf2aeeac Mon Sep 17 00:00:00 2001
From: Alexander Bluhm
Date: Fri, 15 Jan 2021 22:27:50 +0000
Subject: Remove a check that bypasses pf state tests. It dates back to 2003 when NAT was implemented differently. Now it does not seem to make sense anymore. sashan@ has identified cases where it does harm. dlg@ wants to remove it to simplify route-to code. from dlg@; OK sashan@
---
sys/net/pf.c | 8 +-------
1 file changed, 1 insertion(+), 7 deletions(-)
(limited to 'sys/net')
diff --git a/sys/net/pf.c b/sys/net/pf.c
index e93e2b50dba..49ceef8b732 100644
--- a/sys/net/pf.c
+++ b/sys/net/pf.c
@@ -1,4 +1,4 @@
-/* $OpenBSD: pf.c,v 1.1098 2021/01/14 09:44:33 tb Exp $ */
+/* $OpenBSD: pf.c,v 1.1099 2021/01/15 22:27:49 bluhm Exp $ */
 /*
 * Copyright (c) 2001 Daniel Hartmeier
@@ -1122,12 +1122,6 @@ pf_find_state(struct pf_pdesc *pd, struct pf_state_key_cmp *key,
 }
 *state = s;
- if (pd->dir == PF_OUT && s->rt_kif != NULL && s->rt_kif != pd->kif &&
- ((s->rule.ptr->rt == PF_ROUTETO &&
- s->rule.ptr->direction == PF_OUT) ||
- (s->rule.ptr->rt == PF_REPLYTO &&
- s->rule.ptr->direction == PF_IN)))
- return (PF_PASS);
 return (PF_MATCH);
 }
--
cgit v1.2.3