diff options
author | garga <garga@FreeBSD.org> | 2015-07-31 12:02:44 +0000 |
---|---|---|
committer | garga <garga@FreeBSD.org> | 2015-07-31 12:02:44 +0000 |
commit | b0aaac698f0ea6fd4d30e402ebe1d96f98110f7c (patch) | |
tree | df4fad903f1ebab3fea4cef600756b32015c8d88 /sys/netpfil | |
parent | 3b7e178dff4e27a7af3082544973147cba8d2f5c (diff) | |
download | FreeBSD-src-b0aaac698f0ea6fd4d30e402ebe1d96f98110f7c.zip FreeBSD-src-b0aaac698f0ea6fd4d30e402ebe1d96f98110f7c.tar.gz |
MFC r285945, r285960:
Respect pf rule log option before log dropped packets with IP options or
dangerous v6 headers
Reviewed by: gnn, eri
Approved by: gnn, glebius
Obtained from: pfSense
Sponsored by: Netgate
Differential Revision: https://reviews.freebsd.org/D3222
Diffstat (limited to 'sys/netpfil')
-rw-r--r-- | sys/netpfil/pf/pf.c | 4 |
1 files changed, 2 insertions, 2 deletions
diff --git a/sys/netpfil/pf/pf.c b/sys/netpfil/pf/pf.c index 920aa91..f0147e8 100644 --- a/sys/netpfil/pf/pf.c +++ b/sys/netpfil/pf/pf.c @@ -5894,7 +5894,7 @@ done: !((s && s->state_flags & PFSTATE_ALLOWOPTS) || r->allow_opts)) { action = PF_DROP; REASON_SET(&reason, PFRES_IPOPTIONS); - log = 1; + log = r->log; DPFPRINTF(PF_DEBUG_MISC, ("pf: dropping packet with ip options\n")); } @@ -6326,7 +6326,7 @@ done: !((s && s->state_flags & PFSTATE_ALLOWOPTS) || r->allow_opts)) { action = PF_DROP; REASON_SET(&reason, PFRES_IPOPTIONS); - log = 1; + log = r->log; DPFPRINTF(PF_DEBUG_MISC, ("pf: dropping packet with dangerous v6 headers\n")); } |