Dear OpenBSD team,
I've made this simple patch to pf, to make optimized tables work inside
anchors.
Please review it, and apply if appropriate, or suggest a solution to my
simple ruleset, which does not work with 5.6:
anchor in quick proto icmp {
pass quick from 1.1.1.1
pass quick from 1.1.1.2
pass quick from 1.1.1.3
pass quick from 1.1.1.4
pass quick from 1.1.1.5
pass quick from 1.1.1.6
pass quick from 1.1.1.7
}
Thanks in advance,
Kojedzinszky Richard--- pf_table.c
+++ pf_table.c
@@ -2016,7 +2016,8 @@ pfr_setflags_ktable(struct pfr_ktable *kt, int newf)
struct pfr_kentryworkq addrq;
if (!(newf & PFR_TFLAG_REFERENCED) &&
- !(newf & PFR_TFLAG_PERSIST))
+ !(newf & PFR_TFLAG_PERSIST) &&
+ !(newf & PFR_TFLAG_REFDANCHOR))
newf &= ~PFR_TFLAG_ACTIVE;
if (!(newf & PFR_TFLAG_ACTIVE))
newf &= ~PFR_TFLAG_USRMASK;
