pf: don't clobber log flag
If we decide to discard a packet due to unexpected IP options or
unsupported headers we set pd.act.log. However, this can later get
overwritten when we copy the state's saved actions over.
Merge the two log fields to ensure we log as expected.
Sponsored by: Rubicon Communications, LLC ("Netgate")
This commit is contained in:
@@ -8210,7 +8210,9 @@ pf_test(int dir, int pflags, struct ifnet *ifp, struct mbuf **m0,
|
||||
}
|
||||
|
||||
if (s) {
|
||||
uint8_t log = pd.act.log;
|
||||
memcpy(&pd.act, &s->act, sizeof(struct pf_rule_actions));
|
||||
pd.act.log |= log;
|
||||
tag = s->tag;
|
||||
rt = s->rt;
|
||||
} else {
|
||||
@@ -8819,7 +8821,9 @@ pf_test6(int dir, int pflags, struct ifnet *ifp, struct mbuf **m0, struct inpcb
|
||||
}
|
||||
|
||||
if (s) {
|
||||
uint8_t log = pd.act.log;
|
||||
memcpy(&pd.act, &s->act, sizeof(struct pf_rule_actions));
|
||||
pd.act.log |= log;
|
||||
tag = s->tag;
|
||||
rt = s->rt;
|
||||
} else {
|
||||
|
||||
Reference in New Issue
Block a user