Subject: Re: svn commit: r285945 - head/sys/netpfil/pf
From: Renato Botelho
Date: Tue, 28 Jul 2015 10:18:57 -0300
To: Gleb Smirnoff
Cc: src-committers@freebsd.org, svn-src-all@freebsd.org, svn-src-head@freebsd.org

> On Jul 28, 2015, at 08:20, Gleb Smirnoff wrote:
>
> Renato,
>
> On Tue, Jul 28, 2015 at 10:31:35AM +0000, Renato Botelho wrote:
> R> Author: garga (ports committer)
> R> Date: Tue Jul 28 10:31:34 2015
> R> New Revision: 285945
> R> URL: https://svnweb.freebsd.org/changeset/base/285945
> R>
> R> Log:
> R> Respect pf rule log option before log dropped packets with IP options or
> R> dangerous v6 headers
> R>
> R> Reviewed by: gnn, eri
> R> Approved by: gnn
> R> Obtained from: pfSense
> R> MFC after: 3 days
> R> Sponsored by: Netgate
> R> Differential Revision: https://reviews.freebsd.org/D3222
> R>
> R> Modified:
> R> head/sys/netpfil/pf/pf.c
> R>
> R> Modified: head/sys/netpfil/pf/pf.c
> R> = =3D=3D=3D=3D=3D=3D=3D=3D=3D=3D=3D=3D=3D=3D=3D=3D=3D=3D=3D=3D=3D=3D=3D=3D=3D= =3D=3D=3D=3D=3D=3D=3D=3D=3D=3D=3D=3D=3D=3D=3D=3D=3D=3D=3D=3D=3D=3D=3D=3D=3D= =3D=3D=3D=3D=3D=3D=3D=3D=3D=3D=3D=3D=3D=3D=3D=3D=3D=3D=3D=3D=3D=3D=3D=3D=3D= =3D=3D=3D > R> --- head/sys/netpfil/pf/pf.c Tue Jul 28 09:36:26 2015 = (r285944) > R> +++ head/sys/netpfil/pf/pf.c Tue Jul 28 10:31:34 2015 = (r285945) > R> 
@@ -5895,7 +5895,8 @@ done: > R> !((s && s->state_flags & PFSTATE_ALLOWOPTS) || = r->allow_opts)) { > R> action =3D PF_DROP; > R> REASON_SET(&reason, PFRES_IPOPTIONS); > R> - log =3D 1; > R> + if (r->log) > R> + log =3D 1; > R> DPFPRINTF(PF_DEBUG_MISC, > R> ("pf: dropping packet with ip options\n")); > R> } > R> @@ -6329,7 +6330,8 @@ done: > R> !((s && s->state_flags & PFSTATE_ALLOWOPTS) || = r->allow_opts)) { > R> action =3D PF_DROP; > R> REASON_SET(&reason, PFRES_IPOPTIONS); > R> - log =3D 1; > R> + if (r->log) > R> + log =3D 1; > R> DPFPRINTF(PF_DEBUG_MISC, > R> ("pf: dropping packet with dangerous v6 = headers\n")); > R> } >=20 > Why not simply: >=20 > log =3D r->log; >=20 > ? >=20 > That would also match the style of the function, since it already has: >=20 > log =3D s->log; Thanks for pointing this out. Do you approve the following patch? Index: sys/netpfil/pf/pf.c =3D=3D=3D=3D=3D=3D=3D=3D=3D=3D=3D=3D=3D=3D=3D=3D=3D=3D=3D=3D=3D=3D=3D=3D=3D= =3D=3D=3D=3D=3D=3D=3D=3D=3D=3D=3D=3D=3D=3D=3D=3D=3D=3D=3D=3D=3D=3D=3D=3D=3D= =3D=3D=3D=3D=3D=3D=3D=3D=3D=3D=3D=3D=3D=3D=3D=3D=3D --- sys/netpfil/pf/pf.c (revision 285945) +++ sys/netpfil/pf/pf.c (working copy) @@ -5895,8 +5895,7 @@ !((s && s->state_flags & PFSTATE_ALLOWOPTS) || = r->allow_opts)) { action =3D PF_DROP; REASON_SET(&reason, PFRES_IPOPTIONS); - if (r->log) - log =3D 1; + log =3D r->log; DPFPRINTF(PF_DEBUG_MISC, ("pf: dropping packet with ip options\n")); } @@ -6330,8 +6329,7 @@ !((s && s->state_flags & PFSTATE_ALLOWOPTS) || = r->allow_opts)) { action =3D PF_DROP; REASON_SET(&reason, PFRES_IPOPTIONS); - if (r->log) - log =3D 1; + log =3D r->log; DPFPRINTF(PF_DEBUG_MISC, ("pf: dropping packet with dangerous v6 = headers\n")); } -- Renato Botelho
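Review bot: With log = 1 now conditional on r->log in both hunks of the quoted r285945 diff (at -5895 and -6329), a packet dropped with PFRES_IPOPTIONS on a rule that has no log option leaves only the DPFPRINTF message, which is emitted at PF_DEBUG_MISC. The commit log should say outright that these drops are no longer logged unconditionally, so operators who relied on those entries know to add the log option to the relevant rules. The second hunk also sets PFRES_IPOPTIONS for the "dangerous v6 headers" drop, so the reason alone does not distinguish the two cases in whatever log record is produced.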
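Review bot: "log = r->log;" in both hunks of the follow-up patch (at -5895 and -6330) is not equivalent to the "if (r->log) log = 1;" it replaces. The conditional form leaves a previously set non-zero log untouched when r->log is 0, while the plain assignment overwrites it, and it stores whatever value r->log holds rather than 1. If log can already have been set earlier in the function (the quoted reply mentions an existing "log = s->log;"), a drop that would have been logged because of that earlier value is now silent whenever r has no log option. Consider "log |= r->log;" or keeping the conditional, and state in the commit message which behaviour is intended.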