authorHenning Brauer <henning@cvs.openbsd.org>2011-04-04 14:14:54 +0000
committerHenning Brauer <henning@cvs.openbsd.org>2011-04-04 14:14:54 +0000
commitaabbe2fa8d6e52ed6603d959dd1c9411236cdcc5 (patch)
tree70883a0f5d65ed181abc821aa26a0b4dd7aef62b
parentcfa4ccb854c4c0485f159f340d7547dabee37de1 (diff)
stop fiddling with the ip checksum here too, it is always recalculated
in all output paths anyway. even worse than in the rest of pf, here we ran circles to update the ip cksum every time we flip a tiny bit in the header... pretty sure dlg claudio ok'd it and it is damn obvious anyway
-rw-r--r--sys/net/pf_norm.c41
1 files changed, 7 insertions, 34 deletions
diff --git a/sys/net/pf_norm.c b/sys/net/pf_norm.c
index a04d1bfbb59..ac65abc4766 100644
--- a/sys/net/pf_norm.c
+++ b/sys/net/pf_norm.c
@@ -1,4 +1,4 @@
-/* $OpenBSD: pf_norm.c,v 1.130 2011/03/24 20:09:44 bluhm Exp $ */
+/* $OpenBSD: pf_norm.c,v 1.131 2011/04/04 14:14:53 henning Exp $ */
/*
* Copyright 2001 Niels Provos <provos@citi.umich.edu>
@@ -756,12 +756,8 @@ pf_normalize_ip(struct mbuf **m0, int dir, struct pfi_kif *kif,
goto drop;
/* Clear IP_DF if we're in no-df mode */
- if (pf_status.reass & PF_REASS_NODF && h->ip_off & htons(IP_DF)) {
- u_int16_t ip_off = h->ip_off;
-
+ if (pf_status.reass & PF_REASS_NODF && h->ip_off & htons(IP_DF))
h->ip_off &= htons(~IP_DF);
- h->ip_sum = pf_cksum_fixup(h->ip_sum, ip_off, h->ip_off, 0);
- }
/* We will need other tests here */
if (!fragoff && !mff)
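Review bot: Nothing in the new code records that `h->ip_sum` is left stale once `h->ip_off` is rewritten here; the only statement of the invariant is the commit message's claim that every output path recalculates the checksum. The same applies to the `no_fragment:` hunk and to all four field rewrites in `pf_scrub_ip()` below. I would add a comment at the first rewrite, e.g. `/* ip_sum is not updated here; it is recomputed on output */`, so that later code running between normalization and output does not trust the field. Anything that reads the header in that window (a packet tap, logging, or a forwarding path that skips the recalculation) would presumably see a mismatched checksum; that is not visible from this hunk and is worth confirming. `pf_normalize_ip()` starts and ends outside the hunk.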
@@ -788,12 +784,8 @@ pf_normalize_ip(struct mbuf **m0, int dir, struct pfi_kif *kif,
no_fragment:
/* At this point, only IP_DF is allowed in ip_off */
- if (h->ip_off & ~htons(IP_DF)) {
- u_int16_t ip_off = h->ip_off;
-
+ if (h->ip_off & ~htons(IP_DF))
h->ip_off &= htons(IP_DF);
- h->ip_sum = pf_cksum_fixup(h->ip_sum, ip_off, h->ip_off, 0);
- }
pd->flags |= PFDESC_IP_REAS;
return (PF_PASS);
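Review bot: With the fixup removed, the test in `if (h->ip_off & ~htons(IP_DF))` guards only an idempotent mask, so the statement could be the single line `h->ip_off &= htons(IP_DF);`. The `h->ip_off & htons(IP_DF)` half of the no-df tests in the previous hunk and in `pf_scrub_ip()` is redundant in the same way. If the condition is kept on purpose to avoid writing to the mbuf when nothing changes, a short comment saying so would help. The enclosing function starts outside the hunk.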
@@ -1562,39 +1554,20 @@ pf_scrub_ip(struct mbuf **m0, u_int16_t flags, u_int8_t min_ttl, u_int8_t tos)
struct ip *h = mtod(m, struct ip *);
/* Clear IP_DF if no-df was requested */
- if (flags & PFSTATE_NODF && h->ip_off & htons(IP_DF)) {
- u_int16_t ip_off = h->ip_off;
-
+ if (flags & PFSTATE_NODF && h->ip_off & htons(IP_DF))
h->ip_off &= htons(~IP_DF);
- h->ip_sum = pf_cksum_fixup(h->ip_sum, ip_off, h->ip_off, 0);
- }
/* Enforce a minimum ttl, may cause endless packet loops */
- if (min_ttl && h->ip_ttl < min_ttl) {
- u_int16_t ip_ttl = h->ip_ttl;
-
+ if (min_ttl && h->ip_ttl < min_ttl)
h->ip_ttl = min_ttl;
- h->ip_sum = pf_cksum_fixup(h->ip_sum, ip_ttl, h->ip_ttl, 0);
- }
/* Enforce tos */
- if (flags & PFSTATE_SETTOS) {
- u_int16_t ov, nv;
-
- ov = *(u_int16_t *)h;
+ if (flags & PFSTATE_SETTOS)
h->ip_tos = tos;
- nv = *(u_int16_t *)h;
-
- h->ip_sum = pf_cksum_fixup(h->ip_sum, ov, nv, 0);
- }
/* random-id, but not for fragments */
- if (flags & PFSTATE_RANDOMID && !(h->ip_off & ~htons(IP_DF))) {
- u_int16_t ip_id = h->ip_id;
-
+ if (flags & PFSTATE_RANDOMID && !(h->ip_off & ~htons(IP_DF)))
h->ip_id = htons(ip_randomid());
- h->ip_sum = pf_cksum_fixup(h->ip_sum, ip_id, h->ip_id, 0);
- }
}
#ifdef INET6