rfd163-new-world Udiff usr/src/uts/common/inet/ipf/fil.c

Print this page

Only exploit ipf state keeping for CFW logging.

@@ -2586,10 +2586,13 @@
         if ((ifs->ifs_fr_flags & FF_LOGGING) || (pass & FR_LOGMASK)) {
                 (void) fr_dolog(fin, &pass);
         }
 #endif
 
+        if (IFS_CFWLOG(ifs) && FR_ISBLOCK(pass))
+                ipf_block_cfwlog(fr, fin, ifs);
+
         /*
          * The FI_STATE flag is cleared here so that calling fr_checkstate
          * will work when called from inside of fr_fastroute.  Although
          * there is a similar flag, FI_NATED, for NAT, it does have the same
          * impact on code execution.