On Thu, Nov 14, 2013 at 12:03:21AM +0200, Alexey Suslikov wrote:
> This is on 5.4-stable. vlan is only used to see what resulting prio is.
> #match on { $int_if } inet proto icmp all icmp-type echoreq set prio 5
> pass quick on { $ext_if, $int_if }
Can you test wether this diff matches your expected behaviour?
Please try various combinations of pass and match rules.
bluhm
Index: net/pf.c
===================================================================
RCS file: /data/mirror/openbsd/cvs/src/sys/net/pf.c,v
retrieving revision 1.861
diff -u -p -r1.861 pf.c
--- net/pf.c 16 Nov 2013 00:36:01 -0000 1.861
+++ net/pf.c 18 Nov 2013 00:56:55 -0000
@@ -3110,8 +3110,10 @@ pf_rule_to_actions(struct pf_rule *r, st
a->max_mss = r->max_mss;
a->flags |= (r->scrub_flags & (PFSTATE_NODF|PFSTATE_RANDOMID|
PFSTATE_SETTOS|PFSTATE_SCRUB_TCP|PFSTATE_SETPRIO));
- a->set_prio[0] = r->set_prio[0];
- a->set_prio[1] = r->set_prio[1];
+ if (r->scrub_flags & PFSTATE_SETPRIO) {
+ a->set_prio[0] = r->set_prio[0];
+ a->set_prio[1] = r->set_prio[1];
+ }
}
#define PF_TEST_ATTRIB(t, a) \
