From ddc2da753b49f1b63a20b0d8d1f6cd8a18595635 Mon Sep 17 00:00:00 2001
From: Henning Brauer <henning@cvs.openbsd.org>
Date: Fri, 24 Dec 2010 20:12:57 +0000
Subject: in pf_src_connlimit, the indices to sk->addr were swapped. tracked
 down and diff sent by Robert B Mills <rbmills at sdf.lonestar.org> thanks,
 very good work! ok claudio

---
 sys/net/pf.c | 6 +++---
 1 file changed, 3 insertions(+), 3 deletions(-)

(limited to 'sys')

diff --git a/sys/net/pf.c b/sys/net/pf.c
index 5bd379b7f5e..c6240bd001f 100644
--- a/sys/net/pf.c
+++ b/sys/net/pf.c
@@ -1,4 +1,4 @@
-/*	$OpenBSD: pf.c,v 1.714 2010/12/07 11:39:40 jsg Exp $ */
+/*	$OpenBSD: pf.c,v 1.715 2010/12/24 20:12:56 henning Exp $ */
 
 /*
  * Copyright (c) 2001 Daniel Hartmeier
@@ -485,9 +485,9 @@ pf_src_connlimit(struct pf_state **state)
 				if (sk->af ==
 				    (*state)->key[PF_SK_WIRE]->af &&
 				    (((*state)->direction == PF_OUT &&
-				    PF_AEQ(&sn->addr, &sk->addr[0], sk->af)) ||
+				    PF_AEQ(&sn->addr, &sk->addr[1], sk->af)) ||
 				    ((*state)->direction == PF_IN &&
-				    PF_AEQ(&sn->addr, &sk->addr[1], sk->af))) &&
+				    PF_AEQ(&sn->addr, &sk->addr[0], sk->af))) &&
 				    ((*state)->rule.ptr->flush &
 				    PF_FLUSH_GLOBAL ||
 				    (*state)->rule.ptr == st->rule.ptr)) {
-- 
cgit v1.2.3