pf: don't clobber log flag

If we decide to discard a packet due to unexpected IP options or
unsupported headers we set pd.act.log. However, this can later get
overwritten when we copy the state's saved actions over.

Merge the two log fields to ensure we log as expected.

Sponsored by:	Rubicon Communications, LLC ("Netgate")
This commit is contained in:
Kristof Provost
2024-01-02 14:54:06 +01:00
parent b1e82d3319
commit 5f840a1758
+4
View File
@@ -8210,7 +8210,9 @@ pf_test(int dir, int pflags, struct ifnet *ifp, struct mbuf **m0,
}
if (s) {
uint8_t log = pd.act.log;
memcpy(&pd.act, &s->act, sizeof(struct pf_rule_actions));
pd.act.log |= log;
tag = s->tag;
rt = s->rt;
} else {
@@ -8819,7 +8821,9 @@ pf_test6(int dir, int pflags, struct ifnet *ifp, struct mbuf **m0, struct inpcb
}
if (s) {
uint8_t log = pd.act.log;
memcpy(&pd.act, &s->act, sizeof(struct pf_rule_actions));
pd.act.log |= log;
tag = s->tag;
rt = s->rt;
} else {