authorDavid Krause <david@cvs.openbsd.org>2009-04-16 04:40:20 +0000
committerDavid Krause <david@cvs.openbsd.org>2009-04-16 04:40:20 +0000
commitc4bfdcfea3eb82fe4452e84783f8cec99b74a436 (patch)
tree897ebdb7ee29a9ace7b6b62b96dd703a0791f830
parent1ff74c3375d0fd7c55eb9b12c57d1b83d0ce49f1 (diff)
Really turn fragment reassembly on by default. pfctl must handle this
since the DIOCSETREASS ioctl is called on every ruleset load and was overriding the initial setting in pfattach(). Fix setting of the global no-df bitmask as well. ok henning@
-rw-r--r--sbin/pfctl/pfctl.c7
-rw-r--r--sys/net/pf_ioctl.c4
2 files changed, 6 insertions, 5 deletions
diff --git a/sbin/pfctl/pfctl.c b/sbin/pfctl/pfctl.c
index ff03a04d02d..c74895afb2c 100644
--- a/sbin/pfctl/pfctl.c
+++ b/sbin/pfctl/pfctl.c
@@ -1,4 +1,4 @@
-/* $OpenBSD: pfctl.c,v 1.281 2009/04/06 12:05:55 henning Exp $ */
+/* $OpenBSD: pfctl.c,v 1.282 2009/04/16 04:40:19 david Exp $ */
/*
* Copyright (c) 2001 Daniel Hartmeier
@@ -1546,6 +1546,7 @@ pfctl_init_options(struct pfctl *pf)
pf->limit[PF_LIMIT_TABLE_ENTRIES] = PFR_KENTRY_HIWAT_SMALL;
pf->debug = PF_DEBUG_URGENT;
+ pf->reassemble = PF_REASS_ENABLED;
}
int
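Review bot: The new default `pf->reassemble = PF_REASS_ENABLED;` carries no comment tying it to the kernel's initial setting. Per the commit message, pfctl sends this value through DIOCSETREASS on every ruleset load, which is how reassembly ended up off before this change. The two defaults can drift apart again unnoticed, so I would add `/* keep in sync with pfattach(): DIOCSETREASS is issued on every ruleset load and overrides the kernel's initial value */` above the assignment. pfctl_init_options starts outside this hunk.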
@@ -1705,7 +1706,9 @@ pfctl_set_reassembly(struct pfctl *pf, int on, int nodf)
if (on) {
pf->reassemble = PF_REASS_ENABLED;
if (nodf)
- pf->reassemble &= PF_REASS_NODF;
+ pf->reassemble |= PF_REASS_NODF;
+ } else {
+ pf->reassemble = 0;
}
if (pf->opts & PF_OPT_VERBOSE)
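Review bot: With this `if (on) … else` block, pfctl becomes the only place that guarantees PF_REASS_NODF is never set without PF_REASS_ENABLED, because the pf_ioctl.c hunk in this commit drops the kernel-side normalisation and stores `*reass` verbatim. Any other caller of DIOCSETREASS can now leave unexpected bits in `pf_status.reass`; whether the readers of that field test PF_REASS_ENABLED first is not visible here. I would keep a cheap check in the ioctl handler, for example `pf_status.reass = *reass & (PF_REASS_ENABLED | PF_REASS_NODF);`, and document on pfctl_set_reassembly that `nodf` is ignored when `on` is zero. The function body continues outside this hunk.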
diff --git a/sys/net/pf_ioctl.c b/sys/net/pf_ioctl.c
index aa459d683e8..4ab28bfff26 100644
--- a/sys/net/pf_ioctl.c
+++ b/sys/net/pf_ioctl.c
@@ -1,4 +1,4 @@
-/* $OpenBSD: pf_ioctl.c,v 1.217 2009/04/07 12:48:40 henning Exp $ */
+/* $OpenBSD: pf_ioctl.c,v 1.218 2009/04/16 04:40:19 david Exp $ */
/*
* Copyright (c) 2001 Daniel Hartmeier
@@ -2842,8 +2842,6 @@ pfioctl(dev_t dev, u_long cmd, caddr_t addr, int flags, struct proc *p)
u_int32_t *reass = (u_int32_t *)addr;
pf_status.reass = *reass;
- if (!(pf_status.reass & PF_REASS_ENABLED))
- pf_status.reass = 0;
break;
}