authorCamiel Dobbelaar <camield@cvs.openbsd.org>2003-02-18 08:05:16 +0000
committerCamiel Dobbelaar <camield@cvs.openbsd.org>2003-02-18 08:05:16 +0000
commit30d28f51dfbabab6bcd3ca54b29c226c9531686f (patch)
tree67923d91b2cfaf93a1cdc855931a277911747462
parent283dd5415a502254ab5d77fff2bf66b37d2353c1 (diff)
Enforce min-ttl and random-id on inbound scrub as well as outbound.
ok dhartmei@
-rw-r--r--sys/net/pf_norm.c8
1 files changed, 1 insertions, 7 deletions
diff --git a/sys/net/pf_norm.c b/sys/net/pf_norm.c
index f05ef514260..54e049520eb 100644
--- a/sys/net/pf_norm.c
+++ b/sys/net/pf_norm.c
@@ -1,4 +1,4 @@
-/* $OpenBSD: pf_norm.c,v 1.54 2003/02/12 20:43:36 dhartmei Exp $ */
+/* $OpenBSD: pf_norm.c,v 1.55 2003/02/18 08:05:15 camield Exp $ */
/*
* Copyright 2001 Niels Provos <provos@citi.umich.edu>
@@ -943,9 +943,6 @@ pf_normalize_ip(struct mbuf **m0, int dir, struct ifnet *ifp, u_short *reason)
}
no_fragment:
- if (dir != PF_OUT)
- return (PF_PASS);
-
/* At this point, only IP_DF is allowed in ip_off */
h->ip_off &= IP_DF;
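Review bot: With the `dir != PF_OUT` early return removed, `h->ip_off &= IP_DF` in this hunk and `h->ip_ttl = r->min_ttl` in the fragment_pass hunk below now rewrite header fields of inbound packets, and no visible line adjusts `h->ip_sum` afterwards. For outbound traffic the checksum is presumably computed later on the output path, but an inbound packet has normally had its checksum verified already and, if bridged, may leave without passing through code that recomputes it; that should be confirmed, and the checksum updated where the fields change if it is not. The existing comment `may cause endless packet loops` also gains weight, because raising the TTL on ingress of a forwarding host weakens the hop limit that normally ends routing loops; I would note the new scope next to it, e.g. `/* NB: applies to inbound and forwarded packets too; ip_sum is not updated here */`. pf_normalize_ip starts and ends outside both hunks, so the checksum handling may exist out of view.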
@@ -959,9 +956,6 @@ pf_normalize_ip(struct mbuf **m0, int dir, struct ifnet *ifp, u_short *reason)
return (PF_PASS);
fragment_pass:
- if (dir != PF_OUT)
- return (PF_PASS);
-
/* Enforce a minimum ttl, may cause endless packet loops */
if (r->min_ttl && h->ip_ttl < r->min_ttl)
h->ip_ttl = r->min_ttl;