Hello,
I'm fine with the fix. I have just a small comment/nit, leaving it
up to you to fix it or leave it.
</snip>
> -
> if (newrule->rt && !newrule->direction) {
> pf_rule_free(newrule);
> error = EINVAL;
> @@ -3216,6 +3194,34 @@ pf_rule_copyin(struct pf_rule *from, str
> to->set_prio[1] = from->set_prio[1];
>
> return (0);
> +}
> +
> +int
> +pf_rule_checkaf(struct pf_rule *r)
> +{
> + switch (r->af) {
> + case 0:
> + if (r->rule_flag & PFRULE_AFTO)
> + return EPFNOSUPPORT;
> + break;
> + case AF_INET:
> + if ((r->rule_flag & PFRULE_AFTO) && r->naf != AF_INET6)
> + return EPFNOSUPPORT;
> + break;
> +#ifdef INET6
> + case AF_INET6:
> + if ((r->rule_flag & PFRULE_AFTO) && r->naf != AF_INET)
> + return EPFNOSUPPORT;
> + break;
> +#endif /* INET6 */
> + default:
> + return EPFNOSUPPORT;
> + }
> +
> + if ((r->rule_flag & PFRULE_AFTO) == 0 && r->naf != 0)
> + return EPFNOSUPPORT;
> +
> + return 0;
> }
>
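Review bot: In a kernel built without INET6, the `case AF_INET` branch of pf_rule_checkaf() still accepts a rule with PFRULE_AFTO set and `naf == AF_INET6`, because only the `case AF_INET6` label sits under `#ifdef INET6`. If af-to translation depends on the IPv6 code, which this hunk does not show, such a rule should be rejected at load time; one option is a guard before the switch, `#ifndef INET6` / `if (r->rule_flag & PFRULE_AFTO) return (EPFNOSUPPORT);` / `#endif`. A one-line comment above the function would also help, for example `/* af-to needs af and naf to be opposite families; without af-to, naf must be 0 */`.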
can we have 'return (EPFNOSUPPORT);' and 'return (0)' in
newly introduced `pf_rule_checkaf()` function? Just to keep
it consistent with remaining part of the file.
thanks and OK sashan