diff options
| author | Ryan Thomas McBride <mcbride@cvs.openbsd.org> | 2004-03-25 03:03:50 +0000 |
|---|---|---|
| committer | Ryan Thomas McBride <mcbride@cvs.openbsd.org> | 2004-03-25 03:03:50 +0000 |
| commit | a86d56237d0387c79b4322f46f01e1331a202a42 (patch) | |
| tree | 115b09be3ae9782292775960114b0d990fc95800 | |
| parent | d4666c51c1361921a6c271c416f30ac91dda8fe6 (diff) | |
Fix icmp checksum when sequence number modlation is being used.
Also fix a daddr vs saddr cut-n-paste error in ICMP error handling.
From dhartmei@
ok deraadt@
| -rw-r--r-- | sys/net/pf.c | 6 |
1 files changed, 3 insertions, 3 deletions
diff --git a/sys/net/pf.c b/sys/net/pf.c index fb4dffb0d89..4c3a8252594 100644 --- a/sys/net/pf.c +++ b/sys/net/pf.c @@ -1,4 +1,4 @@ -/* $OpenBSD: pf.c,v 1.431 2004/03/22 04:54:17 mcbride Exp $ */ +/* $OpenBSD: pf.c,v 1.432 2004/03/25 03:03:49 mcbride Exp $ */ /* * Copyright (c) 2001 Daniel Hartmeier @@ -4366,7 +4366,7 @@ pf_test_state_icmp(struct pf_state **state, int direction, struct pfi_kif *kif, /* Demodulate sequence number */ seq = ntohl(th.th_seq) - src->seqdiff; if (src->seqdiff) - pf_change_a(&th.th_seq, &th.th_sum, + pf_change_a(&th.th_seq, icmpsum, htonl(seq), 0); if (!SEQ_GEQ(src->seqhi, seq) || @@ -4387,7 +4387,7 @@ pf_test_state_icmp(struct pf_state **state, int direction, struct pfi_kif *kif, if (STATE_TRANSLATE(*state)) { if (direction == PF_IN) { pf_change_icmp(pd2.src, &th.th_sport, - saddr, &(*state)->lan.addr, + daddr, &(*state)->lan.addr, (*state)->lan.port, NULL, pd2.ip_sum, icmpsum, pd->ip_sum, 0, pd2.af); |