Hello all again.
Could anyone explain the reasons of the following difference? More
precisely:
1. Why does pf_test() add log flag PF_LOG_FORCE, and pf_test6() resets
log flag to plain 1 (PF_LOG)?
2. Is diverting supported only for AF_INET? I do not see such mention in
neither commit logs or pf.conf(5) or divert(4) or sbin/pfctl/parse.y.
pf_test():
if (m->m_pkthdr.len < (int)sizeof(*h)) {
action = PF_DROP;
REASON_SET(&reason, PFRES_SHORT);
log |= PF_LOG_FORCE;
goto done;
}
if (m->m_pkthdr.pf.flags & PF_TAG_GENERATED)
return (PF_PASS);
if (m->m_pkthdr.pf.flags & PF_TAG_DIVERTED_PACKET)
return (PF_PASS);
and pf_test6():
if (m->m_pkthdr.len < (int)sizeof(*h)) {
action = PF_DROP;
REASON_SET(&reason, PFRES_SHORT);
log = 1;
goto done;
}
if (m->m_pkthdr.pf.flags & PF_TAG_GENERATED)
return (PF_PASS);
--
Best wishes,
Vadim Zhukov
A: Because it messes up the order in which people normally read text.
Q: Why is top-posting such a bad thing?
A: Top-posting.
Q: What is the most annoying thing in e-mail?
