From 0e4e6ccdcdea3ee93f2da20322ead73b7c47550f Mon Sep 17 00:00:00 2001
From: glebius <glebius@FreeBSD.org>
Date: Wed, 6 Jun 2012 09:36:52 +0000
Subject: Merge revision 1.715 from OpenBSD:

  date: 2010/12/24 20:12:56;  author: henning;  state: Exp;  lines: +3 -3
  in pf_src_connlimit, the indices to sk->addr were swapped.
  tracked down and diff sent by Robert B Mills <rbmills at sdf.lonestar.org>
  thanks, very good work! ok claudio

Impact is that the "flush" keyword didn't work.

Obtained from:	OpenBSD
MFC after:	1 week
---
 sys/contrib/pf/net/pf.c | 4 ++--
 1 file changed, 2 insertions(+), 2 deletions(-)

(limited to 'sys/contrib')

diff --git a/sys/contrib/pf/net/pf.c b/sys/contrib/pf/net/pf.c
index 7058b7d..ac51282 100644
--- a/sys/contrib/pf/net/pf.c
+++ b/sys/contrib/pf/net/pf.c
@@ -643,10 +643,10 @@ pf_src_connlimit(struct pf_state **state)
 				    (*state)->key[PF_SK_WIRE]->af &&
 				    (((*state)->direction == PF_OUT &&
 				    PF_AEQ(&(*state)->src_node->addr,
-					&sk->addr[0], sk->af)) ||
+					&sk->addr[1], sk->af)) ||
 				    ((*state)->direction == PF_IN &&
 				    PF_AEQ(&(*state)->src_node->addr,
-					&sk->addr[1], sk->af))) &&
+					&sk->addr[0], sk->af))) &&
 				    ((*state)->rule.ptr->flush &
 				    PF_FLUSH_GLOBAL ||
 				    (*state)->rule.ptr == st->rule.ptr)) {
-- 
cgit v1.1