so now that alexander commited his part, I redid mine - much simpler now.
Index: net/pf.c
===================================================================
RCS file: /cvs/src/sys/net/pf.c,v
retrieving revision 1.772
diff -u -p -r1.772 pf.c
--- net/pf.c 17 Sep 2011 10:12:37 -0000 1.772
+++ net/pf.c 17 Sep 2011 10:57:42 -0000
@@ -2762,9 +2762,6 @@ pf_test_rule(struct pf_rule **rm, struct
 u_int16_t virtual_type, virtual_id;
 u_int8_t icmptype = 0, icmpcode = 0;
- PF_ACPY(&pd->nsaddr, pd->src, pd->af);
- PF_ACPY(&pd->ndaddr, pd->dst, pd->af);
-
 bzero(&act, sizeof(act));
 act.prio[0] = act.prio[1] = PF_PRIO_NOTSET;
 bzero(sns, sizeof(sns));
@@ -2782,14 +2779,6 @@ pf_test_rule(struct pf_rule **rm, struct
 }
 switch (pd->virtual_proto) {
- case IPPROTO_TCP:
- pd->nsport = th->th_sport;
- pd->ndport = th->th_dport;
- break;
- case IPPROTO_UDP:
- pd->nsport = pd->hdr.udp->uh_sport;
- pd->ndport = pd->hdr.udp->uh_dport;
- break;
 #ifdef INET
 case IPPROTO_ICMP:
 icmptype = pd->hdr.icmp->icmp_type;
@@ -2820,9 +2809,6 @@ pf_test_rule(struct pf_rule **rm, struct
 }
 break;
 #endif /* INET6 */
- default:
- pd->nsport = pd->ndport = 0;
- break;
 }
 pd->osport = pd->nsport;
@@ -5762,6 +5748,9 @@ pf_setup_pdesc(sa_family_t af, int dir,
 }
+ PF_ACPY(&pd->nsaddr, pd->src, pd->af);
+ PF_ACPY(&pd->ndaddr, pd->dst, pd->af);
+
 switch (pd->virtual_proto) {
 case PF_VPROTO_FRAGMENT:
 /*
@@ -5838,6 +5827,12 @@ pf_setup_pdesc(sa_family_t af, int dir,
 }
 #endif /* INET6 */
 }
+
+ if (pd->sport)
+ pd->nsport = *pd->sport;
+ if (pd->dport)
+ pd->ndport = *pd->dport;
+
 return (0);
 }
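Review bot: The two `PF_ACPY` copies added ahead of `switch (pd->virtual_proto)` in pf_setup_pdesc are now the only place `nsaddr`/`ndaddr` receive their starting values, because the first hunk drops the same copies from pf_test_rule, and nothing at the new site records that. A short comment would make the dependency visible, for example `/* starting values for nsaddr/ndaddr; pf_test_rule() no longer sets these */`. The copy also needs `pd->src`, `pd->dst` and `pd->af` to be assigned already, which presumably happens in the block closed just above; that code lies outside the hunk.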
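Review bot: When `pd->sport` or `pd->dport` is NULL, the assignments added before `return (0)` leave `pd->nsport`/`pd->ndport` untouched, whereas the `default:` branch removed from pf_test_rule set both to 0 explicitly. The two are equivalent only if pf_setup_pdesc zeroes `pd` before this point, which the hunk does not show; otherwise a stale port would reach `pd->osport = pd->nsport` and, presumably, the rule and state matching that follows. Either confirm the zeroing or make it explicit with `pd->nsport = pd->sport ? *pd->sport : 0;` and `pd->ndport = pd->dport ? *pd->dport : 0;`. Any path that returns from inside the switch above would also skip these lines; the rest of the function is outside the hunk.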
-- Henning Brauer, h...@bsws.de, henn...@openbsd.org BS Web Services, http://bsws.de, Full-Service ISP Secure Hosting, Mail and DNS Services. Dedicated Servers, Root to Fully Managed Henning Brauer Consulting, http://henningbrauer.com/