svn commit: r285945 - head/sys/netpfil/pf
Gleb Smirnoff
glebius at FreeBSD.org
Tue Jul 28 11:20:54 UTC 2015
Renato,
On Tue, Jul 28, 2015 at 10:31:35AM +0000, Renato Botelho wrote:
R> Author: garga (ports committer)
R> Date: Tue Jul 28 10:31:34 2015
R> New Revision: 285945
R> URL: https://svnweb.freebsd.org/changeset/base/285945
R>
R> Log:
R> Respect pf rule log option before log dropped packets with IP options or
R> dangerous v6 headers
R>
R> Reviewed by: gnn, eri
R> Approved by: gnn
R> Obtained from: pfSense
R> MFC after: 3 days
R> Sponsored by: Netgate
R> Differential Revision: https://reviews.freebsd.org/D3222
R>
R> Modified:
R> head/sys/netpfil/pf/pf.c
R>
R> Modified: head/sys/netpfil/pf/pf.c
R> ==============================================================================
R> --- head/sys/netpfil/pf/pf.c Tue Jul 28 09:36:26 2015 (r285944)
R> +++ head/sys/netpfil/pf/pf.c Tue Jul 28 10:31:34 2015 (r285945)
R> @@ -5895,7 +5895,8 @@ done:
R> !((s && s->state_flags & PFSTATE_ALLOWOPTS) || r->allow_opts)) {
R> action = PF_DROP;
R> REASON_SET(&reason, PFRES_IPOPTIONS);
R> - log = 1;
R> + if (r->log)
R> + log = 1;
R> DPFPRINTF(PF_DEBUG_MISC,
R> ("pf: dropping packet with ip options\n"));
R> }
R> @@ -6329,7 +6330,8 @@ done:
R> !((s && s->state_flags & PFSTATE_ALLOWOPTS) || r->allow_opts)) {
R> action = PF_DROP;
R> REASON_SET(&reason, PFRES_IPOPTIONS);
R> - log = 1;
R> + if (r->log)
R> + log = 1;
R> DPFPRINTF(PF_DEBUG_MISC,
R> ("pf: dropping packet with dangerous v6 headers\n"));
R> }
Why not simply:
log = r->log;
?
That would also match the style of the function, since it already has:
log = s->log;
--
Totus tuus, Glebius.
More information about the svn-src-all
mailing list