Skip site navigation (1)Skip section navigation (2) 
Date:      Tue, 28 Jul 2015 14:20:51 +0300
From:      Gleb Smirnoff <glebius@FreeBSD.org>
To:        Renato Botelho <garga@FreeBSD.org>
Cc:        src-committers@freebsd.org, svn-src-all@freebsd.org, svn-src-head@freebsd.org
Subject:   Re: svn commit: r285945 - head/sys/netpfil/pf
Message-ID:  <20150728112051.GT72729@FreeBSD.org>
In-Reply-To: <201507281031.t6SAVZnu046387@repo.freebsd.org>
References:  <201507281031.t6SAVZnu046387@repo.freebsd.org>
next in thread | previous in thread | raw e-mail | index | archive | help 
  Renato,

On Tue, Jul 28, 2015 at 10:31:35AM +0000, Renato Botelho wrote:
R> Author: garga (ports committer)
R> Date: Tue Jul 28 10:31:34 2015
R> New Revision: 285945
R> URL: https://svnweb.freebsd.org/changeset/base/285945
R> 
R> Log:
R>   Respect pf rule log option before log dropped packets with IP options or
R>   dangerous v6 headers
R>   
R>   Reviewed by:	gnn, eri
R>   Approved by:	gnn
R>   Obtained from:	pfSense
R>   MFC after:	3 days
R>   Sponsored by:	Netgate
R>   Differential Revision:	https://reviews.freebsd.org/D3222
R> 
R> Modified:
R>   head/sys/netpfil/pf/pf.c
R> 
R> Modified: head/sys/netpfil/pf/pf.c
R> ==============================================================================
R> --- head/sys/netpfil/pf/pf.c	Tue Jul 28 09:36:26 2015	(r285944)
R> +++ head/sys/netpfil/pf/pf.c	Tue Jul 28 10:31:34 2015	(r285945)
R> @@ -5895,7 +5895,8 @@ done:
R>  	    !((s && s->state_flags & PFSTATE_ALLOWOPTS) || r->allow_opts)) {
R>  		action = PF_DROP;
R>  		REASON_SET(&reason, PFRES_IPOPTIONS);
R> -		log = 1;
R> +		if (r->log)
R> +			log = 1;
R>  		DPFPRINTF(PF_DEBUG_MISC,
R>  		    ("pf: dropping packet with ip options\n"));
R>  	}
R> @@ -6329,7 +6330,8 @@ done:
R>  	    !((s && s->state_flags & PFSTATE_ALLOWOPTS) || r->allow_opts)) {
R>  		action = PF_DROP;
R>  		REASON_SET(&reason, PFRES_IPOPTIONS);
R> -		log = 1;
R> +		if (r->log)
R> +			log = 1;
R>  		DPFPRINTF(PF_DEBUG_MISC,
R>  		    ("pf: dropping packet with dangerous v6 headers\n"));
R>  	}

Why not simply:

	log = r->log;

?

That would also match the style of the function, since it already has:

	log = s->log;

-- 
Totus tuus, Glebius.

Want to link to this message? Use this URL: <https://mail-archive.FreeBSD.org/cgi/mid.cgi?20150728112051.GT72729>