svn commit: r236671 - head/sys/contrib/pf/net
Gleb Smirnoff
glebius at FreeBSD.org
Wed Jun 6 09:36:53 UTC 2012
Author: glebius
Date: Wed Jun 6 09:36:52 2012
New Revision: 236671
URL: http://svn.freebsd.org/changeset/base/236671
Log:
Merge revision 1.715 from OpenBSD:
date: 2010/12/24 20:12:56; author: henning; state: Exp; lines: +3 -3
in pf_src_connlimit, the indices to sk->addr were swapped.
tracked down and diff sent by Robert B Mills <rbmills at sdf.lonestar.org>
thanks, very good work! ok claudio
Impact is that the "flush" keyword didn't work.
Obtained from: OpenBSD
MFC after: 1 week
Modified:
head/sys/contrib/pf/net/pf.c
Modified: head/sys/contrib/pf/net/pf.c
==============================================================================
--- head/sys/contrib/pf/net/pf.c Wed Jun 6 09:07:50 2012 (r236670)
+++ head/sys/contrib/pf/net/pf.c Wed Jun 6 09:36:52 2012 (r236671)
@@ -643,10 +643,10 @@ pf_src_connlimit(struct pf_state **state
(*state)->key[PF_SK_WIRE]->af &&
(((*state)->direction == PF_OUT &&
PF_AEQ(&(*state)->src_node->addr,
- &sk->addr[0], sk->af)) ||
+ &sk->addr[1], sk->af)) ||
((*state)->direction == PF_IN &&
PF_AEQ(&(*state)->src_node->addr,
- &sk->addr[1], sk->af))) &&
+ &sk->addr[0], sk->af))) &&
((*state)->rule.ptr->flush &
PF_FLUSH_GLOBAL ||
(*state)->rule.ptr == st->rule.ptr)) {
More information about the svn-src-all
mailing list