From d873219cbc60baab66036ff79b457befe8d1ef60 Mon Sep 17 00:00:00 2001 From: Ryan Thomas McBride Date: Sat, 21 Jun 2008 02:05:47 +0000 Subject: Only do state key linking on the outbound path. Fixes stateful filtering on enc0. Problem report, testing, and ok david@ --- sys/net/pf.c | 4 ++-- 1 file changed, 2 insertions(+), 2 deletions(-) (limited to 'sys') diff --git a/sys/net/pf.c b/sys/net/pf.c index cb48eb721ba..06df960c7f0 100644 --- a/sys/net/pf.c +++ b/sys/net/pf.c @@ -1,4 +1,4 @@ -/* $OpenBSD: pf.c,v 1.598 2008/06/16 01:16:04 henning Exp $ */ +/* $OpenBSD: pf.c,v 1.599 2008/06/21 02:05:46 mcbride Exp $ */ /* * Copyright (c) 2001 Daniel Hartmeier @@ -887,7 +887,7 @@ pf_find_state(struct pfi_kif *kif, struct pf_state_key_cmp *key, u_int dir, if ((sk = RB_FIND(pf_state_tree, &pf_statetbl, (struct pf_state_key *)key)) == NULL) return (NULL); - if (m->m_pkthdr.pf.statekey) { + if (dir == PF_OUT && m->m_pkthdr.pf.statekey) { ((struct pf_state_key *) m->m_pkthdr.pf.statekey)->reverse = sk; sk->reverse = m->m_pkthdr.pf.statekey; -- cgit v1.2.3
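Review bot: The block under the new `dir == PF_OUT && m->m_pkthdr.pf.statekey` test still stores raw pointers in both directions and overwrites any `reverse` already set on either key, with no check that the key carried by the mbuf belongs to the same flow as `sk`. The commit message suggests the enc0 breakage came from such a mismatched pairing on the inbound path, so the outbound path would be safer linking only unpaired keys, for example `if (dir == PF_OUT && m->m_pkthdr.pf.statekey && sk->reverse == NULL) {` with the same test on the mbuf's key. Whether state-key teardown clears the peer's `reverse` is not visible here and should be confirmed, since a stale pointer could be followed by a later lookup. A short comment such as `/* link state keys on output only; fixes stateful filtering on enc0 */` would record why the direction test exists; pf_find_state begins and ends outside this hunk.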