Date: Thu, 13 Feb 2025 12:39:02 GMT From: Kristof Provost <kp@FreeBSD.org> To: src-committers@FreeBSD.org, dev-commits-src-all@FreeBSD.org, dev-commits-src-main@FreeBSD.org Subject: git: 9565df4e7fa9 - main - pf: fix 'quick' for match rules Message-ID: <202502131239.51DCd2re075477@gitrepo.freebsd.org>
next in thread | raw e-mail | index | archive | help
The branch main has been updated by kp: URL: https://cgit.FreeBSD.org/src/commit/?id=9565df4e7fa9348d4200e2607e84f1a4bea54f8d commit 9565df4e7fa9348d4200e2607e84f1a4bea54f8d Author: Kristof Provost <kp@FreeBSD.org> AuthorDate: 2025-02-10 13:32:27 +0000 Commit: Kristof Provost <kp@FreeBSD.org> CommitDate: 2025-02-13 12:38:43 +0000 pf: fix 'quick' for match rules In pf_test_rule, when dealing with a match rule, obey the match rule's quick flag to decide wether to abort ruleset eval instead of the last matching rule's one. Makes "match quick" abort ruleset evaluation with the current block/pass state. From Maxim Khitrov <max at mxcrypt.com>, ok bluhm mikeb Obtained from: OpenBSD, henning <henning@openbsd.org>, c5611d5b70 Sponsored by: Rubicon Communications, LLC ("Netgate") --- sys/netpfil/pf/pf.c | 2 +- 1 file changed, 1 insertion(+), 1 deletion(-) diff --git a/sys/netpfil/pf/pf.c b/sys/netpfil/pf/pf.c index 5c99cde4a9f4..76f508b43750 100644 --- a/sys/netpfil/pf/pf.c +++ b/sys/netpfil/pf/pf.c @@ -5825,7 +5825,7 @@ pf_test_rule(struct pf_krule **rm, struct pf_kstate **sm, PFLOG_PACKET(r->action, PFRES_MATCH, r, a, ruleset, pd, 1); } - if ((*rm)->quick) + if (r->quick) break; r = TAILQ_NEXT(r, entries); } else
Want to link to this message? Use this URL: <https://mail-archive.FreeBSD.org/cgi/mid.cgi?202502131239.51DCd2re075477>