Hi,
This is a second diff and it makes sure that pf_step_into_anchor always
saves a pointer to the rule that owns the anchor on the pf anchor stack.
There's no reason why we should check for depth here. As a side effect
this makes sure that the correct nested anchor gets it's counter bumped
instead of the top most.
For the save/restore symmetry pf_step_out_of_anchor is made to always
restore previous value of the anchor rule. depth == 0 means what we a
at the top (main ruleset).
OK?
diff --git sys/net/pf.c sys/net/pf.c
index 9832e47..8708417 100644
--- sys/net/pf.c
+++ sys/net/pf.c
@@ -2666,11 +2666,11 @@ pf_step_into_anchor(int *depth, struct pf_ruleset **rs,
if (*depth >= sizeof(pf_anchor_stack) /
sizeof(pf_anchor_stack[0])) {
log(LOG_ERR, "pf_step_into_anchor: stack overflow\n");
*r = TAILQ_NEXT(*r, entries);
return;
- } else if (*depth == 0 && a != NULL)
+ } else if (a != NULL)
*a = *r;
f = pf_anchor_stack + (*depth)++;
f->rs = *rs;
f->r = *r;
if ((*r)->anchor_wildcard) {
@@ -2711,10 +2711,12 @@ pf_step_out_of_anchor(int *depth, struct pf_ruleset
**rs,
}
}
(*depth)--;
if (*depth == 0 && a != NULL)
*a = NULL;
+ else if (a != NULL)
+ *a = f->r;
*rs = f->rs;
if (*match > *depth) {
*match = *depth;
if (f->r->quick)
quick = 1;
