From cc9596685229e362d29e253d2de643c10d3e4a01 Mon Sep 17 00:00:00 2001
From: Daniel Hartmeier <dhartmei@cvs.openbsd.org>
Date: Sun, 22 May 2005 16:22:42 +0000
Subject: honour the 'no' in 'no scrub' rules for IP normalizations. found by
 mzozd at ad2u dot gr. ok henning@, mcbride@

---
 sys/net/pf_norm.c | 6 +++---
 1 file changed, 3 insertions(+), 3 deletions(-)

(limited to 'sys')

diff --git a/sys/net/pf_norm.c b/sys/net/pf_norm.c
index 0c592f1f6f1..c3033539dda 100644
--- a/sys/net/pf_norm.c
+++ b/sys/net/pf_norm.c
@@ -1,4 +1,4 @@
-/*	$OpenBSD: pf_norm.c,v 1.98 2005/05/21 21:03:57 henning Exp $ */
+/*	$OpenBSD: pf_norm.c,v 1.99 2005/05/22 16:22:41 dhartmei Exp $ */
 
 /*
  * Copyright 2001 Niels Provos <provos@citi.umich.edu>
@@ -849,7 +849,7 @@ pf_normalize_ip(struct mbuf **m0, int dir, struct pfi_kif *kif, u_short *reason,
 			break;
 	}
 
-	if (r == NULL)
+	if (r == NULL || r->action == PF_NOSCRUB)
 		return (PF_PASS);
 	else
 		r->packets++;
@@ -1067,7 +1067,7 @@ pf_normalize_ip6(struct mbuf **m0, int dir, struct pfi_kif *kif,
 			break;
 	}
 
-	if (r == NULL)
+	if (r == NULL || r->action == PF_NOSCRUB)
 		return (PF_PASS);
 	else
 		r->packets++;
-- 
cgit v1.2.3