svn commit: r285945 - head/sys/netpfil/pf
Gleb Smirnoff
glebius at FreeBSD.org
Tue Jul 28 14:43:28 UTC 2015
Renato,
On Tue, Jul 28, 2015 at 10:18:57AM -0300, Renato Botelho wrote:
R> Thanks for pointing this out. Do you approve the following patch?
R>
R> Index: sys/netpfil/pf/pf.c
R> ===================================================================
R> --- sys/netpfil/pf/pf.c (revision 285945)
R> +++ sys/netpfil/pf/pf.c (working copy)
R> @@ -5895,8 +5895,7 @@
R> !((s && s->state_flags & PFSTATE_ALLOWOPTS) || r->allow_opts)) {
R> action = PF_DROP;
R> REASON_SET(&reason, PFRES_IPOPTIONS);
R> - if (r->log)
R> - log = 1;
R> + log = r->log;
R> DPFPRINTF(PF_DEBUG_MISC,
R> ("pf: dropping packet with ip options\n"));
R> }
R> @@ -6330,8 +6329,7 @@
R> !((s && s->state_flags & PFSTATE_ALLOWOPTS) || r->allow_opts)) {
R> action = PF_DROP;
R> REASON_SET(&reason, PFRES_IPOPTIONS);
R> - if (r->log)
R> - log = 1;
R> + log = r->log;
R> DPFPRINTF(PF_DEBUG_MISC,
R> ("pf: dropping packet with dangerous v6 headers\n"));
R> }
Yes, this looks better. Thanks.
--
Totus tuus, Glebius.
More information about the svn-src-all
mailing list