CVSROOT: /cvs
Module name: src
Changes by: d...@cvs.openbsd.org 2021/01/28 02:37:20
Modified files:
sys/net : pf.c
Log message:
handle "once" rules before letting pfsync defer tx of a packet.
pfsync may want to defer the transmission of a packet. it does this so
it can try and get a state over to a peer firewall before a host may
send a reply to the peer, which would get dropped cos there's no
matching state.
i think the once rule processing should happen before that. the state
is created from the rule, whether the packet the state is for goes out
immediately or not shouldn't matter.
ok sashan@
