> On Jul 28, 2015, at 08:20, Gleb Smirnoff <gleb...@freebsd.org> wrote:
>
> Renato,
>
> On Tue, Jul 28, 2015 at 10:31:35AM +0000, Renato Botelho wrote:
> R> Author: garga (ports committer)
> R> Date: Tue Jul 28 10:31:34 2015
> R> New Revision: 285945
> R> URL: https://svnweb.freebsd.org/changeset/base/285945
> R>
> R> Log:
> R> Respect pf rule log option before log dropped packets with IP options or
> R> dangerous v6 headers
> R>
> R> Reviewed by: gnn, eri
> R> Approved by: gnn
> R> Obtained from: pfSense
> R> MFC after: 3 days
> R> Sponsored by: Netgate
> R> Differential Revision: https://reviews.freebsd.org/D3222
> R>
> R> Modified:
> R> head/sys/netpfil/pf/pf.c
> R>
> R> Modified: head/sys/netpfil/pf/pf.c
> R>
> ==============================================================================
> R> --- head/sys/netpfil/pf/pf.c Tue Jul 28 09:36:26 2015
> (r285944)
> R> +++ head/sys/netpfil/pf/pf.c Tue Jul 28 10:31:34 2015
> (r285945)
> R> @@ -5895,7 +5895,8 @@ done:
> R> !((s && s->state_flags & PFSTATE_ALLOWOPTS) || r->allow_opts)) {
> R> action = PF_DROP;
> R> REASON_SET(&reason, PFRES_IPOPTIONS);
> R> - log = 1;
> R> + if (r->log)
> R> + log = 1;
> R> DPFPRINTF(PF_DEBUG_MISC,
> R> ("pf: dropping packet with ip options\n"));
> R> }
> R> @@ -6329,7 +6330,8 @@ done:
> R> !((s && s->state_flags & PFSTATE_ALLOWOPTS) || r->allow_opts)) {
> R> action = PF_DROP;
> R> REASON_SET(&reason, PFRES_IPOPTIONS);
> R> - log = 1;
> R> + if (r->log)
> R> + log = 1;
> R> DPFPRINTF(PF_DEBUG_MISC,
> R> ("pf: dropping packet with dangerous v6 headers\n"));
> R> }
>
> Why not simply:
>
> log = r->log;
>
> ?
>
> That would also match the style of the function, since it already has:
>
> log = s->log;
Thanks for pointing this out. Do you approve the following patch?
Index: sys/netpfil/pf/pf.c
===================================================================
--- sys/netpfil/pf/pf.c (revision 285945)
+++ sys/netpfil/pf/pf.c (working copy)
@@ -5895,8 +5895,7 @@
!((s && s->state_flags & PFSTATE_ALLOWOPTS) || r->allow_opts)) {
action = PF_DROP;
REASON_SET(&reason, PFRES_IPOPTIONS);
- if (r->log)
- log = 1;
+ log = r->log;
DPFPRINTF(PF_DEBUG_MISC,
("pf: dropping packet with ip options\n"));
}
@@ -6330,8 +6329,7 @@
!((s && s->state_flags & PFSTATE_ALLOWOPTS) || r->allow_opts)) {
action = PF_DROP;
REASON_SET(&reason, PFRES_IPOPTIONS);
- if (r->log)
- log = 1;
+ log = r->log;
DPFPRINTF(PF_DEBUG_MISC,
("pf: dropping packet with dangerous v6 headers\n"));
}
--
Renato Botelho
_______________________________________________
svn-src-all@freebsd.org mailing list
http://lists.freebsd.org/mailman/listinfo/svn-src-all
To unsubscribe, send any mail to "svn-src-all-unsubscr...@freebsd.org"
