authorHenning Brauer <henning@cvs.openbsd.org>2008-02-20 23:40:14 +0000
committerHenning Brauer <henning@cvs.openbsd.org>2008-02-20 23:40:14 +0000
commit4f61aacdcd47f2dc9a6433549d408cdc674df873 (patch)
treea652f853a903285738043a1cd8619eeae1d6663c
parentfce89c4195c59972a391ce9f833718b9fde2e5e7 (diff)
make return-rst work correctly in the IPv6 case again.
broken by me almost a year ago with the proto_checksum changes :(
problem noticed & fix tested by Helmut Schneider <jumper99@gmx.de>
narrowed down & ok dhartmei
-rw-r--r--sys/net/pf.c20
1 files changed, 16 insertions, 4 deletions
diff --git a/sys/net/pf.c b/sys/net/pf.c
index 772f94f378a..b99b767f933 100644
--- a/sys/net/pf.c
+++ b/sys/net/pf.c
@@ -1,4 +1,4 @@
-/* $OpenBSD: pf.c,v 1.566 2008/02/16 12:22:19 markus Exp $ */
+/* $OpenBSD: pf.c,v 1.567 2008/02/20 23:40:13 henning Exp $ */
/*
* Copyright (c) 2001 Daniel Hartmeier
@@ -3276,10 +3276,22 @@ pf_test_rule(struct pf_rule **rm, struct pf_state **sm, int direction,
(r->rule_flag & PFRULE_RETURN)) &&
!(th->th_flags & TH_RST)) {
u_int32_t ack = ntohl(th->th_seq) + pd->p_len;
- struct ip *h = mtod(m, struct ip *);
+ int len = 0;
+ struct ip *h4;
+ struct ip6_hdr *h6;
- if (pf_check_proto_cksum(m, off,
- ntohs(h->ip_len) - off, IPPROTO_TCP, AF_INET))
+ switch (af) {
+ case AF_INET:
+ h4 = mtod(m, struct ip *);
+ len = ntohs(h4->ip_len) - off;
+ break;
+ case AF_INET6:
+ h6 = mtod(m, struct ip6_hdr *);
+ len = ntohs(h6->ip6_plen) - (off - sizeof(*h6));
+ break;
+ }
+
+ if (pf_check_proto_cksum(m, off, len, IPPROTO_TCP, af))
REASON_SET(&reason, PFRES_PROTCKSUM);
else {
if (th->th_flags & TH_SYN)
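Review bot: In the AF_INET6 case, `len = ntohs(h6->ip6_plen) - (off - sizeof(*h6));` mixes the offset with a `size_t`, so the arithmetic is carried out unsigned and then narrowed into `int len`. A packet whose `ip6_plen` is smaller than the extension-header span (or is zero) ends up with a negative `len`, and the AF_INET branch has the same shape when `ip_len` is less than `off`. Whether that is harmless depends on `pf_check_proto_cksum` rejecting out-of-range lengths, which is not visible in this hunk. I would make the bound explicit at the call site, `if (len < 0 || pf_check_proto_cksum(m, off, len, IPPROTO_TCP, af))`, and write the subtraction as `(off - (int)sizeof(*h6))` so it stays signed. The `switch (af)` also has no `default:`, so an unexpected family silently passes `len = 0`; a `default:` arm that sets the drop reason, or a comment saying why it cannot happen, would help. `pf_test_rule` starts and ends outside the hunk, so earlier validation may already cover some of this.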