authorStuart Henderson <sthen@cvs.openbsd.org>2009-06-25 09:30:29 +0000
committerStuart Henderson <sthen@cvs.openbsd.org>2009-06-25 09:30:29 +0000
commitec015c1082397d71c6112cd3e8de4dcaa97ae1c1 (patch)
tree597041e1c06530eceda895b0a3dc329d7b7d09cf
parent957cd49b4dbbe1c33631d8e632d3f099f42643ea (diff)
scrub_flags is a u_int8_t, but PFSTATE_SCRUB_TCP is 0x0100, so the
"reassemble tcp" state option failed to work correctly. Increasing this to u_int16_t fixes kernel/6178. ok deraadt@ henning@
-rw-r--r--sys/net/pf_norm.c6
-rw-r--r--sys/net/pfvar.h12
2 files changed, 9 insertions, 9 deletions
diff --git a/sys/net/pf_norm.c b/sys/net/pf_norm.c
index fccd17e5365..d111ed5ecb3 100644
--- a/sys/net/pf_norm.c
+++ b/sys/net/pf_norm.c
@@ -1,4 +1,4 @@
-/* $OpenBSD: pf_norm.c,v 1.117 2009/04/07 13:26:23 henning Exp $ */
+/* $OpenBSD: pf_norm.c,v 1.118 2009/06/25 09:30:28 sthen Exp $ */
/*
* Copyright 2001 Niels Provos <provos@citi.umich.edu>
@@ -113,7 +113,7 @@ void pf_free_fragment(struct pf_fragment *);
struct pf_fragment *pf_find_fragment(struct ip *, struct pf_frag_tree *);
struct mbuf *pf_reassemble(struct mbuf **, struct pf_fragment **,
struct pf_frent *, int);
-void pf_scrub_ip(struct mbuf **, u_int8_t, u_int8_t,
+void pf_scrub_ip(struct mbuf **, u_int16_t, u_int8_t,
u_int8_t);
#ifdef INET6
void pf_scrub_ip6(struct mbuf **, u_int8_t);
@@ -1373,7 +1373,7 @@ pf_normalize_mss(struct mbuf *m, int off, struct pf_pdesc *pd, u_int16_t maxmss)
}
void
-pf_scrub_ip(struct mbuf **m0, u_int8_t flags, u_int8_t min_ttl, u_int8_t tos)
+pf_scrub_ip(struct mbuf **m0, u_int16_t flags, u_int8_t min_ttl, u_int8_t tos)
{
struct mbuf *m = *m0;
struct ip *h = mtod(m, struct ip *);
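Review bot: Widening the `flags` parameter of pf_scrub_ip() only helps if every value on the way to it is also 16 bits wide. Any caller or intermediate local that still keeps the scrub flags in a `u_int8_t` would silently drop the 0x0100 bit again, and that narrowing is not diagnosed by default. The call sites are outside this hunk, so they are worth checking against the new prototype. I would also add a comment above the definition so the width is not narrowed back later, for example `/* flags: scrub flag bits; PFSTATE_SCRUB_TCP is 0x0100, so 8 bits are not enough */`. The body of pf_scrub_ip() continues past the end of the hunk.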
diff --git a/sys/net/pfvar.h b/sys/net/pfvar.h
index 4bf74c75c94..d9e2ade4790 100644
--- a/sys/net/pfvar.h
+++ b/sys/net/pfvar.h
@@ -1,4 +1,4 @@
-/* $OpenBSD: pfvar.h,v 1.289 2009/06/08 02:39:15 henning Exp $ */
+/* $OpenBSD: pfvar.h,v 1.290 2009/06/25 09:30:28 sthen Exp $ */
/*
* Copyright (c) 2001 Daniel Hartmeier
@@ -504,8 +504,8 @@ struct pf_rule_actions {
u_int8_t log;
u_int8_t set_tos;
u_int8_t min_ttl;
- u_int8_t flags;
- u_int8_t pad[2];
+ u_int8_t pad[1];
+ u_int16_t flags;
};
union pf_rule_ptr {
@@ -615,8 +615,8 @@ struct pf_rule {
#define PF_FLUSH 0x01
#define PF_FLUSH_GLOBAL 0x02
u_int8_t flush;
- u_int8_t scrub_flags;
- u_int8_t pad2[3];
+ u_int16_t scrub_flags;
+ u_int8_t pad2[2];
struct {
struct pf_addr addr;
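Review bot: In struct pf_rule the new `u_int16_t scrub_flags` follows `u_int8_t flush` with no explicit pad, whereas the struct pf_rule_actions hunk above moves `pad[1]` in front of `flags`. The offset of `flush` is not visible in this hunk; if it is even, the compiler inserts one unnamed padding byte before `scrub_flags` and the following members shift. Unnamed padding is easy to leave uninitialised, which matters if the struct is copied to userland (an inference from the header's role, not shown here). A comment next to the member such as `/* scrub_flags must stay 2-byte aligned; adjust pad2 when adding members above */`, or a compile-time size check, would make the layout assumption explicit. Since the member's width changes in either case, anything built against the old pfvar.h needs rebuilding together with the kernel.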
@@ -1715,7 +1715,7 @@ int pf_normalize_tcp_stateful(struct mbuf *, int, struct pf_pdesc *,
u_short *, struct tcphdr *, struct pf_state *,
struct pf_state_peer *, struct pf_state_peer *, int *);
int pf_normalize_mss(struct mbuf *, int, struct pf_pdesc *, u_int16_t);
-void pf_scrub_ip(struct mbuf **, u_int8_t, u_int8_t, u_int8_t);
+void pf_scrub_ip(struct mbuf **, u_int16_t, u_int8_t, u_int8_t);
void pf_scrub_ip6(struct mbuf **, u_int8_t);
u_int32_t
pf_state_expires(const struct pf_state *);