diff options
| author | Kristof Provost <kp@FreeBSD.org> | 2024-01-02 14:52:39 +0000 |
|---|---|---|
| committer | Kristof Provost <kp@FreeBSD.org> | 2024-01-04 22:08:08 +0000 |
| commit | 948e8413aba0ee600ceb563cee048a6ef74a6a2c (patch) | |
| tree | 7758a2dfce54e10b9ccfc64bd814ee48f41247c0 /sys/net/pfvar.h | |
| parent | 5f840a1758b4bbb4892118f43f40c6487c17aeba (diff) | |
| download | src-948e8413aba0ee600ceb563cee048a6ef74a6a2c.tar.gz src-948e8413aba0ee600ceb563cee048a6ef74a6a2c.zip | |
pflog: pass the action to pflog directly
If a packet is malformed, it is dropped by pf(4). The rule referenced
in pflog(4) is the default rule. As the default rule is a pass
rule, tcpdump printed "pass" although the packet was actually
dropped. Use the actual action, rather than the rule's action, or an
attempt at guessing the correct action.
Inspired by OpenBSD's 'pflog(4) logs packet dropped by default rule with block.' commit.
Sponsored by: Rubicon Communications, LLC ("Netgate")
Diffstat (limited to 'sys/net/pfvar.h')
| -rw-r--r-- | sys/net/pfvar.h | 2 |
1 files changed, 1 insertions, 1 deletions
diff --git a/sys/net/pfvar.h b/sys/net/pfvar.h index 48162b786a86..020b79ded94c 100644 --- a/sys/net/pfvar.h +++ b/sys/net/pfvar.h @@ -1208,7 +1208,7 @@ void pf_state_export(struct pf_state_export *, struct pf_kruleset; struct pf_pdesc; typedef int pflog_packet_t(struct pfi_kkif *, struct mbuf *, sa_family_t, - u_int8_t, struct pf_krule *, struct pf_krule *, struct pf_kruleset *, + uint8_t, u_int8_t, struct pf_krule *, struct pf_krule *, struct pf_kruleset *, struct pf_pdesc *, int); extern pflog_packet_t *pflog_packet_ptr; |