svn commit: r285945 - head/sys/netpfil/pf
Renato Botelho
garga at FreeBSD.org
Tue Jul 28 10:31:35 UTC 2015
Author: garga (ports committer)
Date: Tue Jul 28 10:31:34 2015
New Revision: 285945
URL: https://svnweb.freebsd.org/changeset/base/285945
Log:
Respect pf rule log option before log dropped packets with IP options or
dangerous v6 headers
Reviewed by: gnn, eri
Approved by: gnn
Obtained from: pfSense
MFC after: 3 days
Sponsored by: Netgate
Differential Revision: https://reviews.freebsd.org/D3222
Modified:
head/sys/netpfil/pf/pf.c
Modified: head/sys/netpfil/pf/pf.c
==============================================================================
--- head/sys/netpfil/pf/pf.c Tue Jul 28 09:36:26 2015 (r285944)
+++ head/sys/netpfil/pf/pf.c Tue Jul 28 10:31:34 2015 (r285945)
@@ -5895,7 +5895,8 @@ done:
!((s && s->state_flags & PFSTATE_ALLOWOPTS) || r->allow_opts)) {
action = PF_DROP;
REASON_SET(&reason, PFRES_IPOPTIONS);
- log = 1;
+ if (r->log)
+ log = 1;
DPFPRINTF(PF_DEBUG_MISC,
("pf: dropping packet with ip options\n"));
}
@@ -6329,7 +6330,8 @@ done:
!((s && s->state_flags & PFSTATE_ALLOWOPTS) || r->allow_opts)) {
action = PF_DROP;
REASON_SET(&reason, PFRES_IPOPTIONS);
- log = 1;
+ if (r->log)
+ log = 1;
DPFPRINTF(PF_DEBUG_MISC,
("pf: dropping packet with dangerous v6 headers\n"));
}
More information about the svn-src-all
mailing list