SecBSD/src
2
0
Fork 0
Code Issues Pull requests Projects Releases Packages Wiki Activity Actions

sync code with last improvements from OpenBSD

Browse source
This commit is contained in:
purplerain 2023-09-07 18:23:23 +00:00
parent cac1167ac2
commit 0e5a54c21a
Signed by: purplerain
GPG key ID: F42C07F07E2E35B7
19 changed files with 662 additions and 356 deletions
Download patch file Download diff file Expand all files Collapse all files

10
sys/net/pf.c
View file

@ -1,4 +1,4 @@
/* $OpenBSD: pf.c,v 1.1184 2023/07/31 11:13:09 dlg Exp $ */
/* $OpenBSD: pf.c,v 1.1185 2023/09/07 09:59:43 sashan Exp $ */
/*
* Copyright (c) 2001 Daniel Hartmeier
@ -4148,6 +4148,10 @@ enter_ruleset:
(r->rule_flag & PFRULE_STATESLOPPY) == 0 &&
ctx->icmp_dir != PF_IN),
TAILQ_NEXT(r, entries));
/* icmp packet must match existing state */
PF_TEST_ATTRIB(r->keep_state && ctx->state_icmp &&
(r->rule_flag & PFRULE_STATESLOPPY) == 0,
TAILQ_NEXT(r, entries));
break;
case IPPROTO_ICMPV6:
@ -4165,6 +4169,10 @@ enter_ruleset:
ctx->icmp_dir != PF_IN &&
ctx->icmptype != ND_NEIGHBOR_ADVERT),
TAILQ_NEXT(r, entries));
/* icmp packet must match existing state */
PF_TEST_ATTRIB(r->keep_state && ctx->state_icmp &&
(r->rule_flag & PFRULE_STATESLOPPY) == 0,
TAILQ_NEXT(r, entries));
break;
default: