[src/trunk]: src/sys/net/npf npf_session_inspect: do not silently drop the pa...

[rmind <rmind%NetBSD.org@localhost>]

details:   https://anonhg.NetBSD.org/src/rev/24bcedb27d44
branches:  trunk
changeset: 329200:24bcedb27d44
user:      rmind <rmind%NetBSD.org@localhost>
date:      Wed May 14 20:35:27 2014 +0000

description:
npf_session_inspect: do not silently drop the packet on state check failure.
Let the rules deal with it (e.g. we may want to log it).

diffstat:

 sys/net/npf/npf_session.c |  7 +++----
 1 files changed, 3 insertions(+), 4 deletions(-)

diffs (30 lines):

diff -r 41324a1868cd -r 24bcedb27d44 sys/net/npf/npf_session.c
--- a/sys/net/npf/npf_session.c Wed May 14 16:25:19 2014 +0000
+++ b/sys/net/npf/npf_session.c Wed May 14 20:35:27 2014 +0000
@@ -1,4 +1,4 @@
-/*     $NetBSD: npf_session.c,v 1.31 2014/03/14 11:29:44 rmind Exp $   */
+/*     $NetBSD: npf_session.c,v 1.32 2014/05/14 20:35:27 rmind Exp $   */
 
 /*-
  * Copyright (c) 2010-2013 The NetBSD Foundation, Inc.
@@ -92,7 +92,7 @@
  */
 
 #include <sys/cdefs.h>
-__KERNEL_RCSID(0, "$NetBSD: npf_session.c,v 1.31 2014/03/14 11:29:44 rmind Exp $");
+__KERNEL_RCSID(0, "$NetBSD: npf_session.c,v 1.32 2014/05/14 20:35:27 rmind Exp $");
 
 #include <sys/param.h>
 #include <sys/types.h>
@@ -590,10 +590,9 @@
 
        /* Inspect the protocol data and handle state changes. */
        if (!npf_state_inspect(npc, nbuf, &se->s_state, forw)) {
-               /* Silently block invalid packets. */
+               /* Invalid: let the rules deal with it. */
                npf_session_release(se);
                npf_stats_inc(NPF_STAT_INVALID_STATE);
-               *error = ENETUNREACH;
                se = NULL;
        }
        return se;