svn commit: r336064 - stable/11/sys/netpfil/pf

Sat Jul 7 14:46:03 UTC 2018

Author: kp
Date: Sat Jul  7 14:46:02 2018
New Revision: 336064
URL: https://svnweb.freebsd.org/changeset/base/336064

Log:
  MFC r335816:
  
  pfsync: Fix state sync during initial bulk update
  
  States learned via pfsync from a peer with the same ruleset checksum were not
  getting assigned to rules like they should because pfsync_in_upd() wasn't
  passing the PFSYNC_SI_CKSUM flag along to pfsync_state_import.
  
  PR:		229092
  Submitted by:	Kajetan Staszkiewicz <vegeta tuxpowered.net>
  Obtained from:	OpenBSD
  Sponsored by:	InnoGames GmbH

Modified:
  stable/11/sys/netpfil/pf/if_pfsync.c
Directory Properties:
  stable/11/   (props changed)

Modified: stable/11/sys/netpfil/pf/if_pfsync.c
==============================================================================

--- stable/11/sys/netpfil/pf/if_pfsync.c	Sat Jul  7 13:37:44 2018	(r336063)
+++ stable/11/sys/netpfil/pf/if_pfsync.c	Sat Jul  7 14:46:02 2018	(r336064)
@@ -865,7 +865,7 @@ pfsync_in_upd(struct pfsync_pkt *pkt, struct mbuf *m, 
 		st = pf_find_state_byid(sp->id, sp->creatorid);
 		if (st == NULL) {
 			/* insert the update */
-			if (pfsync_state_import(sp, 0))
+			if (pfsync_state_import(sp, pkt->flags))
 				V_pfsyncstats.pfsyncs_badstate++;
 			continue;
 		}
