svn commit: r290521 - head/sys/netpfil/pf
Kristof Provost
kp at FreeBSD.org
Sat Nov 7 23:51:43 UTC 2015
Author: kp
Date: Sat Nov 7 23:51:42 2015
New Revision: 290521
URL: https://svnweb.freebsd.org/changeset/base/290521
Log:
pf: Fix broken rule skip calculation
r289932 accidentally broke the rule skip calculation. The address family
argument to PF_ANEQ() is now important, and because it was set to 0 the macro
always evaluated to false.
This resulted in incorrect skip values, which in turn broke the rule
evaluations.
Modified:
head/sys/netpfil/pf/pf.c
Modified: head/sys/netpfil/pf/pf.c
==============================================================================
--- head/sys/netpfil/pf/pf.c Sat Nov 7 23:27:03 2015 (r290520)
+++ head/sys/netpfil/pf/pf.c Sat Nov 7 23:51:42 2015 (r290521)
@@ -1973,9 +1973,9 @@ pf_addr_wrap_neq(struct pf_addr_wrap *aw
switch (aw1->type) {
case PF_ADDR_ADDRMASK:
case PF_ADDR_RANGE:
- if (PF_ANEQ(&aw1->v.a.addr, &aw2->v.a.addr, 0))
+ if (PF_ANEQ(&aw1->v.a.addr, &aw2->v.a.addr, AF_INET6))
return (1);
- if (PF_ANEQ(&aw1->v.a.mask, &aw2->v.a.mask, 0))
+ if (PF_ANEQ(&aw1->v.a.mask, &aw2->v.a.mask, AF_INET6))
return (1);
return (0);
case PF_ADDR_DYNIFTL:
More information about the svn-src-all
mailing list