svn commit: r286125 - stable/10/sys/netpfil/pf
Renato Botelho
garga at FreeBSD.org
Fri Jul 31 12:02:45 UTC 2015
Author: garga (ports committer)
Date: Fri Jul 31 12:02:44 2015
New Revision: 286125
URL: https://svnweb.freebsd.org/changeset/base/286125
Log:
MFC r285945, r285960:
Respect pf rule log option before log dropped packets with IP options or
dangerous v6 headers
Reviewed by: gnn, eri
Approved by: gnn, glebius
Obtained from: pfSense
Sponsored by: Netgate
Differential Revision: https://reviews.freebsd.org/D3222
Modified:
stable/10/sys/netpfil/pf/pf.c
Directory Properties:
stable/10/ (props changed)
Modified: stable/10/sys/netpfil/pf/pf.c
==============================================================================
--- stable/10/sys/netpfil/pf/pf.c Fri Jul 31 11:10:43 2015 (r286124)
+++ stable/10/sys/netpfil/pf/pf.c Fri Jul 31 12:02:44 2015 (r286125)
@@ -5894,7 +5894,7 @@ done:
!((s && s->state_flags & PFSTATE_ALLOWOPTS) || r->allow_opts)) {
action = PF_DROP;
REASON_SET(&reason, PFRES_IPOPTIONS);
- log = 1;
+ log = r->log;
DPFPRINTF(PF_DEBUG_MISC,
("pf: dropping packet with ip options\n"));
}
@@ -6326,7 +6326,7 @@ done:
!((s && s->state_flags & PFSTATE_ALLOWOPTS) || r->allow_opts)) {
action = PF_DROP;
REASON_SET(&reason, PFRES_IPOPTIONS);
- log = 1;
+ log = r->log;
DPFPRINTF(PF_DEBUG_MISC,
("pf: dropping packet with dangerous v6 headers\n"));
}
More information about the svn-src-stable-10
mailing list