Author: garga (ports committer)
Date: Fri Jul 31 12:02:44 2015
New Revision: 286125
URL: https://svnweb.freebsd.org/changeset/base/286125

Log:
  MFC r285945, r285960:
  
  Respect pf rule log option before log dropped packets with IP options or
  dangerous v6 headers
  
  Reviewed by:  gnn, eri
  Approved by:  gnn, glebius
  Obtained from:        pfSense
  Sponsored by: Netgate
  Differential Revision:        https://reviews.freebsd.org/D3222

Modified:
  stable/10/sys/netpfil/pf/pf.c
Directory Properties:
  stable/10/   (props changed)

Modified: stable/10/sys/netpfil/pf/pf.c
==============================================================================
--- stable/10/sys/netpfil/pf/pf.c       Fri Jul 31 11:10:43 2015        
(r286124)
+++ stable/10/sys/netpfil/pf/pf.c       Fri Jul 31 12:02:44 2015        
(r286125)
@@ -5894,7 +5894,7 @@ done:
            !((s && s->state_flags & PFSTATE_ALLOWOPTS) || r->allow_opts)) {
                action = PF_DROP;
                REASON_SET(&reason, PFRES_IPOPTIONS);
-               log = 1;
+               log = r->log;
                DPFPRINTF(PF_DEBUG_MISC,
                    ("pf: dropping packet with ip options\n"));
        }
@@ -6326,7 +6326,7 @@ done:
            !((s && s->state_flags & PFSTATE_ALLOWOPTS) || r->allow_opts)) {
                action = PF_DROP;
                REASON_SET(&reason, PFRES_IPOPTIONS);
-               log = 1;
+               log = r->log;
                DPFPRINTF(PF_DEBUG_MISC,
                    ("pf: dropping packet with dangerous v6 headers\n"));
        }
_______________________________________________
svn-src-all@freebsd.org mailing list
http://lists.freebsd.org/mailman/listinfo/svn-src-all
To unsubscribe, send any mail to "svn-src-all-unsubscr...@freebsd.org"

Reply via email to