From: yasuoka <yasuoka@openbsd.org>
Date: Sun, 22 Jan 2023 23:05:51 +0000 (+0000)
Subject: Fix pf_anchor_stackframe commit to revert pf rule matching to the
X-Git-Url: http://artulab.com/gitweb/?a=commitdiff_plain;h=ef8a89aa808e8efbaf0c93fbb50a42230300f540;p=openbsd

Fix pf_anchor_stackframe commit to revert pf rule matching to the
previous behavior that stops when any rule matches within quick
anchors.

ok sasha kn
---

diff --git a/sys/net/pf.c b/sys/net/pf.c
index b121cc092f9..8cb1326a160 100644
--- a/sys/net/pf.c
+++ b/sys/net/pf.c
@@ -1,4 +1,4 @@
-/*	$OpenBSD: pf.c,v 1.1170 2023/01/12 13:09:47 bluhm Exp $ */
+/*	$OpenBSD: pf.c,v 1.1171 2023/01/22 23:05:51 yasuoka Exp $ */
 
 /*
  * Copyright (c) 2001 Daniel Hartmeier
@@ -4210,6 +4210,10 @@ next_rule:
 	}
 
 	if (pf_anchor_stack_pop(&ruleset, &r, &child, &target) == 0) {
+		/* stop if any rule matched within quick anchors. */
+		if (r->quick == PF_TEST_QUICK && *ctx->am == r)
+			return (PF_TEST_QUICK);
+
 		switch (target) {
 		case PF_NEXT_CHILD:
 			goto next_child;