On Fri, Dec 01, 2017 at 03:33:33AM -0700, Alexander Bluhm wrote: > CVSROOT: /cvs > Module name: src > Changes by: bl...@cvs.openbsd.org 2017/12/01 03:33:33 > > Modified files: > sys/net : pf.c > sys/netinet : in_pcb.c in_pcb.h tcp_input.c tcp_usrreq.c > udp_usrreq.c > > Log message: > Simplify the reverse PCB lookup logic. The PF_TAG_TRANSLATE_LOCALHOST > security check prevents that the user accidentally configures > redirect where a divert-to would be appropriate. Instead of spreading > the logic into tcp and udp input, check the flag during PCB listen > lookup. This also reduces parameters of in_pcblookup_listen(). > OK visa@
and OK sashan@
