From: naddy <naddy@openbsd.org>
Date: Fri, 8 Sep 2023 13:40:52 +0000 (+0000)
Subject: revert previous
X-Git-Url: http://artulab.com/gitweb/?a=commitdiff_plain;h=dbfb0ac19d839cc872d4bdbb1244cafedad802ea;p=openbsd

revert previous

The change broke IPv6 neighbor discovery, and anton@ reports several
regression test failures.

ok bluhm@
---

diff --git a/sys/net/pf.c b/sys/net/pf.c
index bf6b6d06c08..ad2d73af28b 100644
--- a/sys/net/pf.c
+++ b/sys/net/pf.c
@@ -1,4 +1,4 @@
-/*	$OpenBSD: pf.c,v 1.1185 2023/09/07 09:59:43 sashan Exp $ */
+/*	$OpenBSD: pf.c,v 1.1186 2023/09/08 13:40:52 naddy Exp $ */
 
 /*
  * Copyright (c) 2001 Daniel Hartmeier
@@ -4148,10 +4148,6 @@ enter_ruleset:
 			    (r->rule_flag & PFRULE_STATESLOPPY) == 0 &&
 			    ctx->icmp_dir != PF_IN),
 				TAILQ_NEXT(r, entries));
-			/* icmp packet must match existing state */
-			PF_TEST_ATTRIB(r->keep_state && ctx->state_icmp &&
-			    (r->rule_flag & PFRULE_STATESLOPPY) == 0,
-				TAILQ_NEXT(r, entries));
 			break;
 
 		case IPPROTO_ICMPV6:
@@ -4169,10 +4165,6 @@ enter_ruleset:
 			    ctx->icmp_dir != PF_IN &&
 			    ctx->icmptype != ND_NEIGHBOR_ADVERT),
 				TAILQ_NEXT(r, entries));
-			/* icmp packet must match existing state */
-			PF_TEST_ATTRIB(r->keep_state && ctx->state_icmp &&
-			    (r->rule_flag & PFRULE_STATESLOPPY) == 0,
-				TAILQ_NEXT(r, entries));
 			break;
 
 		default: