Date: Sat, 7 Nov 2015 23:51:42 +0000 (UTC) From: Kristof Provost <kp@FreeBSD.org> To: src-committers@freebsd.org, svn-src-all@freebsd.org, svn-src-head@freebsd.org Subject: svn commit: r290521 - head/sys/netpfil/pf Message-ID: <201511072351.tA7NpgG0031937@repo.freebsd.org>
next in thread | raw e-mail | index | archive | help
Author: kp Date: Sat Nov 7 23:51:42 2015 New Revision: 290521 URL: https://svnweb.freebsd.org/changeset/base/290521 Log: pf: Fix broken rule skip calculation r289932 accidentally broke the rule skip calculation. The address family argument to PF_ANEQ() is now important, and because it was set to 0 the macro always evaluated to false. This resulted in incorrect skip values, which in turn broke the rule evaluations. Modified: head/sys/netpfil/pf/pf.c Modified: head/sys/netpfil/pf/pf.c ============================================================================== --- head/sys/netpfil/pf/pf.c Sat Nov 7 23:27:03 2015 (r290520) +++ head/sys/netpfil/pf/pf.c Sat Nov 7 23:51:42 2015 (r290521) @@ -1973,9 +1973,9 @@ pf_addr_wrap_neq(struct pf_addr_wrap *aw switch (aw1->type) { case PF_ADDR_ADDRMASK: case PF_ADDR_RANGE: - if (PF_ANEQ(&aw1->v.a.addr, &aw2->v.a.addr, 0)) + if (PF_ANEQ(&aw1->v.a.addr, &aw2->v.a.addr, AF_INET6)) return (1); - if (PF_ANEQ(&aw1->v.a.mask, &aw2->v.a.mask, 0)) + if (PF_ANEQ(&aw1->v.a.mask, &aw2->v.a.mask, AF_INET6)) return (1); return (0); case PF_ADDR_DYNIFTL:
Want to link to this message? Use this URL: <https://mail-archive.FreeBSD.org/cgi/mid.cgi?201511072351.tA7NpgG0031937>