* Matt Van Mater <matt.vanma...@gmail.com> [2011-08-22 23:14]:
> I am looking into why my
> pflog has these ambiguous entries that show source and destination as all
> zeros e.g. 0.0.0.0.0 > 0.0.0.0.0.
this fixes it. nsaddr/port and ndaddr/port were set up in pf_test_rule and thus not set up if we passed a packet statefully. I have left the icmp dance in pf_test_rule... some of that should pbly also move to pf_setup_pdesc. tests, oks? Index: pf.c =================================================================== RCS file: /cvs/src/sys/net/pf.c,v retrieving revision 1.771 diff -u -p -r1.771 pf.c --- pf.c 30 Aug 2011 00:40:47 -0000 1.771 +++ pf.c 30 Aug 2011 11:14:19 -0000 @@ -2762,9 +2762,6 @@ pf_test_rule(struct pf_rule **rm, struct u_int16_t virtual_type, virtual_id; u_int8_t icmptype = 0, icmpcode = 0; - PF_ACPY(&pd->nsaddr, pd->src, pd->af); - PF_ACPY(&pd->ndaddr, pd->dst, pd->af); - bzero(&act, sizeof(act)); act.prio[0] = act.prio[1] = PF_PRIO_NOTSET; bzero(sns, sizeof(sns)); @@ -2782,14 +2779,6 @@ pf_test_rule(struct pf_rule **rm, struct } switch (pd->virtual_proto) { - case IPPROTO_TCP: - pd->nsport = th->th_sport; - pd->ndport = th->th_dport; - break; - case IPPROTO_UDP: - pd->nsport = pd->hdr.udp->uh_sport; - pd->ndport = pd->hdr.udp->uh_dport; - break; #ifdef INET case IPPROTO_ICMP: icmptype = pd->hdr.icmp->icmp_type; @@ -2820,9 +2809,6 @@ pf_test_rule(struct pf_rule **rm, struct } break; #endif /* INET6 */ - default: - pd->nsport = pd->ndport = 0; - break; } pd->osport = pd->nsport; @@ -5849,6 +5835,14 @@ pf_setup_pdesc(sa_family_t af, int dir, } #endif /* INET6 */ } + + PF_ACPY(&pd->nsaddr, pd->src, pd->af); + PF_ACPY(&pd->ndaddr, pd->dst, pd->af); + if (pd->sport) + pd->nsport = *pd->sport; + if (pd->dport) + pd->ndport = *pd->dport; + return (0); } -- Henning Brauer, h...@bsws.de, henn...@openbsd.org BS Web Services, http://bsws.de Full-Service ISP - Secure Hosting, Mail and DNS Services Dedicated Servers, Rootservers, Application Hosting
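Review bot: in the pf_setup_pdesc hunk, nsport and ndport are assigned only when pd->sport and pd->dport are non-NULL, while the removed `default: pd->nsport = pd->ndport = 0;` branch in pf_test_rule gets no replacement. For a protocol without port pointers, both fields now keep whatever pd held on entry, and pf_test_rule still executes `pd->osport = pd->nsport;` directly after the switch. Unless pd is guaranteed to be zeroed before this point (the diff does not show that), add an explicit else branch that sets each field to 0.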
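Review bot: in the switch on pd->virtual_proto in pf_test_rule, only the ICMP cases remain after the TCP, UDP and default cases are removed, so the function now depends, without saying so, on pf_setup_pdesc having filled nsaddr, ndaddr, nsport and ndport before it runs. A short comment above the switch stating where those fields are initialized would stop a later reader from restoring the cases. Because the ICMP cases stay here, anything they set up is still done only on the rule-evaluation path, which is the same pattern this patch removes for TCP and UDP, so a note marking that as pending would help too.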