From 76325609b708b1e8f76e3fd663a43fbed6f389fa Mon Sep 17 00:00:00 2001
From: Henning Brauer
Date: Wed, 15 Apr 2009 13:10:39 +0000
Subject: little dose of scrubbing after the monster changes: correctly inherit queue stuff, tag, rtableid from the rule if we have no state some logic simplification and removal of redundant checks ok dlg
---
 sys/net/pf.c | 31 ++++++++++++++++++-------------
 1 file changed, 18 insertions(+), 13 deletions(-)
(limited to 'sys/net')
diff --git a/sys/net/pf.c b/sys/net/pf.c
index acdb1dd6db6..d3f7ff3a59b 100644
--- a/sys/net/pf.c
+++ b/sys/net/pf.c
@@ -1,4 +1,4 @@
-/* $OpenBSD: pf.c,v 1.643 2009/04/15 05:14:45 david Exp $ */
+/* $OpenBSD: pf.c,v 1.644 2009/04/15 13:10:38 henning Exp $ */

 /*
 * Copyright (c) 2001 Daniel Hartmeier
@@ -5381,6 +5381,7 @@ pf_test(int dir, struct ifnet *ifp, struct mbuf **m0,
 struct pf_ruleset *ruleset = NULL;
 struct pf_pdesc pd;
 int off, dirndx, pqid = 0;
+ u_int16_t qid;

 if (!pf_status.running)
 return (PF_PASS);
@@ -5583,25 +5584,29 @@ done:
 ("pf: dropping packet with ip options\n"));
 }

- if (s)
+ if (s) {
 pf_scrub_ip(&m, s->state_flags, s->min_ttl, s->set_tos);
- else
+ pf_tag_packet(m, s->tag, s->rtableid);
+ if (pqid || (pd.tos & IPTOS_LOWDELAY))
+ qid = s->pqid;
+ else
+ qid = s->qid;
+ } else {
 pf_scrub_ip(&m, r->scrub_flags, r->min_ttl, r->set_tos);
-
- if (s && (s->tag || s->rtableid))
- pf_tag_packet(m, s ? s->tag : 0, s->rtableid);
+ pf_tag_packet(m, r->tag, r->rtableid);
+ if (pqid || (pd.tos & IPTOS_LOWDELAY))
+ qid = r->pqid;
+ else
+ qid = r->qid;
+ }

 if (dir == PF_IN && s && s->key[PF_SK_STACK])
 m->m_pkthdr.pf.statekey = s->key[PF_SK_STACK];

 #ifdef ALTQ
- if (action == PF_PASS && s && s->qid) {
- if (pqid || (pd.tos & IPTOS_LOWDELAY))
- m->m_pkthdr.pf.qid = s->pqid;
- else
- m->m_pkthdr.pf.qid = s->qid;
- /* add hints for ecn */
- m->m_pkthdr.pf.hdr = h;
+ if (action == PF_PASS && qid) {
+ m->m_pkthdr.pf.qid = qid;
+ m->m_pkthdr.pf.hdr = h; /* hints for ecn */
 }
 #endif /* ALTQ */

-- cgit v1.2.3
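Review bot: Dropping the old `s->tag || s->rtableid` guard means both branches after `done:` now call `pf_tag_packet()` on every packet, so whether an unset tag or routing table leaves the mbuf untouched depends entirely on how that function treats its "unset" values, which is not visible in this hunk. Because `rtableid` selects the routing table the packet is looked up in, that contract deserves a comment at the two call sites, for example `/* pf_tag_packet() is a no-op for an unset tag/rtableid */`, once confirmed against its definition. The new `qid` is also chosen for every packet but read only inside `#ifdef ALTQ` and only when `action == PF_PASS`; moving the `pqid`/`qid` selection into that block would spare non-ALTQ kernels a set-but-unused variable. The body of `pf_test()` starts and ends outside the hunk.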