git: 5f840a1758b4 - main - pf: don't clobber log flag

From: Kristof Provost <kp_at_FreeBSD.org>
Date: Thu, 04 Jan 2024 22:08:48 UTC
The branch main has been updated by kp:

URL: https://cgit.FreeBSD.org/src/commit/?id=5f840a1758b4bbb4892118f43f40c6487c17aeba

commit 5f840a1758b4bbb4892118f43f40c6487c17aeba
Author:     Kristof Provost <kp@FreeBSD.org>
AuthorDate: 2024-01-02 13:54:06 +0000
Commit:     Kristof Provost <kp@FreeBSD.org>
CommitDate: 2024-01-04 22:08:08 +0000

    pf: don't clobber log flag
    
    If we decide to discard a packet due to unexpected IP options or
    unsupported headers we set pd.act.log. However, this can later get
    overwritten when we copy the state's saved actions over.
    
    Merge the two log fields to ensure we log as expected.
    
    Sponsored by:   Rubicon Communications, LLC ("Netgate")
---
 sys/netpfil/pf/pf.c | 4 ++++
 1 file changed, 4 insertions(+)

diff --git a/sys/netpfil/pf/pf.c b/sys/netpfil/pf/pf.c
index e19370cc7333..9e9743c1e5e0 100644
--- a/sys/netpfil/pf/pf.c
+++ b/sys/netpfil/pf/pf.c
@@ -8210,7 +8210,9 @@ done:
 	}
 
 	if (s) {
+		uint8_t log = pd.act.log;
 		memcpy(&pd.act, &s->act, sizeof(struct pf_rule_actions));
+		pd.act.log |= log;
 		tag = s->tag;
 		rt = s->rt;
 	} else {
@@ -8819,7 +8821,9 @@ done:
 	}
 
 	if (s) {
+		uint8_t log = pd.act.log;
 		memcpy(&pd.act, &s->act, sizeof(struct pf_rule_actions));
+		pd.act.log |= log;
 		tag = s->tag;
 		rt = s->rt;
 	} else {