Date: Fri, 31 Jul 2015 12:02:45 +0000 (UTC) From: Renato Botelho <garga@FreeBSD.org> To: src-committers@freebsd.org, svn-src-all@freebsd.org, svn-src-stable@freebsd.org, svn-src-stable-10@freebsd.org Subject: svn commit: r286125 - stable/10/sys/netpfil/pf Message-ID: <201507311202.t6VC2jqF097146@repo.freebsd.org>
next in thread | raw e-mail | index | archive | help
Author: garga (ports committer) Date: Fri Jul 31 12:02:44 2015 New Revision: 286125 URL: https://svnweb.freebsd.org/changeset/base/286125 Log: MFC r285945, r285960: Respect pf rule log option before log dropped packets with IP options or dangerous v6 headers Reviewed by: gnn, eri Approved by: gnn, glebius Obtained from: pfSense Sponsored by: Netgate Differential Revision: https://reviews.freebsd.org/D3222 Modified: stable/10/sys/netpfil/pf/pf.c Directory Properties: stable/10/ (props changed) Modified: stable/10/sys/netpfil/pf/pf.c ============================================================================== --- stable/10/sys/netpfil/pf/pf.c Fri Jul 31 11:10:43 2015 (r286124) +++ stable/10/sys/netpfil/pf/pf.c Fri Jul 31 12:02:44 2015 (r286125) @@ -5894,7 +5894,7 @@ done: !((s && s->state_flags & PFSTATE_ALLOWOPTS) || r->allow_opts)) { action = PF_DROP; REASON_SET(&reason, PFRES_IPOPTIONS); - log = 1; + log = r->log; DPFPRINTF(PF_DEBUG_MISC, ("pf: dropping packet with ip options\n")); } @@ -6326,7 +6326,7 @@ done: !((s && s->state_flags & PFSTATE_ALLOWOPTS) || r->allow_opts)) { action = PF_DROP; REASON_SET(&reason, PFRES_IPOPTIONS); - log = 1; + log = r->log; DPFPRINTF(PF_DEBUG_MISC, ("pf: dropping packet with dangerous v6 headers\n")); }
Want to link to this message? Use this URL: <https://mail-archive.FreeBSD.org/cgi/mid.cgi?201507311202.t6VC2jqF097146>