D49352.diff
No OneTemporary
Actions

Size

1 KB

Referenced Files

None

Subscribers

None

D49352.diff
View Options

	diff --git a/sys/netpfil/pf/pf.c b/sys/netpfil/pf/pf.c
	--- a/sys/netpfil/pf/pf.c
	+++ b/sys/netpfil/pf/pf.c
	@@ -5962,7 +5962,8 @@
	&match_rules, udp_mapping);
	if (action != PF_PASS) {
	pf_udp_mapping_release(udp_mapping);
	- pd->act.log \|= PF_LOG_FORCE;
	+ if (r->log \|\| (nr != NULL && nr->log))
	+ pd->act.log \|= PF_LOG_FORCE;
	if (action == PF_DROP &&
	(r->rule_flag & PFRULE_RETURN))
	pf_return(r, nr, pd, sk, th,
	diff --git a/tests/sys/netpfil/pf/pflog.sh b/tests/sys/netpfil/pf/pflog.sh
	--- a/tests/sys/netpfil/pf/pflog.sh
	+++ b/tests/sys/netpfil/pf/pflog.sh
	@@ -246,6 +246,16 @@
	# then a drop because of the state limit. Ideally only the drop would
	# be logged; if this is fixed, the count will be 2 instead of 3.
	atf_check -o match:3 grep -c . pflog.txt
	+
	+ pft_set_rules alcatraz "pass inet keep state (max 1)"
	+
	+ atf_check -s exit:0 -o ignore \
	+ ping -c 1 192.0.2.1
	+
	+ atf_check -s exit:2 -o ignore \
	+ ping -c 1 192.0.2.1
	+
	+ atf_check -o match:3 grep -c . pflog.txt
	}

	state_max_cleanup()