diff options
| author | Alexander Bluhm <bluhm@cvs.openbsd.org> | 2014-07-13 17:41:05 +0000 |
|---|---|---|
| committer | Alexander Bluhm <bluhm@cvs.openbsd.org> | 2014-07-13 17:41:05 +0000 |
| commit | 78e4acd79c9727d712a1ab55d05a72aa5e10ad9a (patch) | |
| tree | 19006479f759742aee072db7697a82aa412a7e6e | |
| parent | 0e0ce3f526173b55ea328a02af091600d938fe48 (diff) | |
When reassembled IPv6 fragments are NATed or RDRed by pf, the
checksum has to be recalculated before the packet is fragmented
again. Put a missing in6_proto_cksum_out() into pf_refragment6().
This makes run-regress-frag6 and run-regress-frag6-ext pass again.
From Matthias Pitzl; OK henning@
| -rw-r--r-- | sys/net/pf_norm.c | 5 |
1 files changed, 4 insertions, 1 deletions
diff --git a/sys/net/pf_norm.c b/sys/net/pf_norm.c index f0342fc7191..0601fe2c794 100644 --- a/sys/net/pf_norm.c +++ b/sys/net/pf_norm.c @@ -1,4 +1,4 @@ -/* $OpenBSD: pf_norm.c,v 1.165 2014/03/27 12:07:48 jca Exp $ */ +/* $OpenBSD: pf_norm.c,v 1.166 2014/07/13 17:41:04 bluhm Exp $ */ /* * Copyright 2001 Niels Provos <provos@citi.umich.edu> @@ -703,6 +703,9 @@ pf_refragment6(struct mbuf **m0, struct m_tag *mtag, int dir) mtag = NULL; ftag = NULL; + /* Checksum must be calculated for the whole packet */ + in6_proto_cksum_out(m, NULL); + if (extoff) { int off; |